General
- Target: 38636ddcdaec324bb38ac147b4b8dad12285e469e9686b32882d61579b933996
- Size: 688KB
- Sample: 241110-ck8lyawpdt
- MD5: 6717e83eb8c0337e2c464b5893412943
- SHA1: 167897a7913edc493b8e138d1d5e68ec87259938
- SHA256: 38636ddcdaec324bb38ac147b4b8dad12285e469e9686b32882d61579b933996
- SHA512: 7a0ed6b841aaf64544821e9bfcd552fe9d71c04061139e4ac3574ba25a809b133d4a153a278bcb21596a35a9db28c5bfe81d0aa3a7ca4a7a5a0164309e49e859
- SSDEEP: 12288:sMrdy90aEp7scg8hEvRxhMigfIVbVmPPttXS6jWNoEc43xRYMJKbqYheyZmQR:hyzPcgmEv5Z3mHCkW24hyM4GYB
Static task: static1
Behavioral task: behavioral1
- Sample: 38636ddcdaec324bb38ac147b4b8dad12285e469e9686b32882d61579b933996.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: boris
- C2: 193.233.20.32:4125
- auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
- Target: 38636ddcdaec324bb38ac147b4b8dad12285e469e9686b32882d61579b933996
- Size: 688KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1 signature
  - Registry Run Keys / Startup Folder (T1547.001): 1 signature
- Create or Modify System Process (T1543): 1 signature
  - Windows Service (T1543.003): 1 signature
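The extracted RedLine configuration (C2 193.233.20.32:4125), the sample hashes and the Run-key persistence signature above translate directly into hunting logic. The following Python is an added example and is not part of the sandbox report or of any vendor tool: it lifts those indicators from this report and checks them against Sysmon-style log lines. The log lines, paths, user SID and the benign 142.250.74.14 connection are constructed for the example; the `hunt`, `parse_event` and `sysmon_hashes` names are the example's own.

```python
"""
Hunt for the indicators in this report across Sysmon-style log lines.
Added example; not part of the sandbox report. The events below are
constructed for illustration and are not from the analysed run.
"""
import re

# Indicators copied from the report above. botnet and auth_value identify
# the RedLine build (useful for clustering samples) and are not matched
# against host logs here.
IOC = {
    "c2_ip": "193.233.20.32",
    "c2_port": 4125,
    "botnet": "boris",
    "auth_value": "766b5bdf6dbefcf7ca223351952fc38f",
    "sha256": "38636ddcdaec324bb38ac147b4b8dad12285e469e9686b32882d61579b933996",
    "md5": "6717e83eb8c0337e2c464b5893412943",
}

# Constructed Sysmon-like events: EventID 1 = process create,
# 3 = network connect, 13 = registry value set. Field names follow the
# Sysmon schema; paths, SID and the non-C2 IP are invented.
SAMPLE_EVENTS = [
    "EventID=1 Image=C:\\Users\\victim\\Downloads\\invoice.exe "
    "Hashes=SHA256=38636DDCDAEC324BB38AC147B4B8DAD12285E469E9686B32882D61579B933996",
    "EventID=3 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe "
    "DestinationIp=193.233.20.32 DestinationPort=4125",
    "EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe "
    "DestinationIp=142.250.74.14 DestinationPort=443",
    "EventID=13 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe "
    "TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc "
    "Details=C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe",
    "EventID=13 Image=C:\\Windows\\explorer.exe "
    "TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden "
    "Details=DWORD (0x00000001)",
]

# Run / RunOnce keys under HKLM or a user hive (T1547.001 in the table above).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I
)


def parse_event(line):
    """Split a 'Key=Value Key=Value' line into a dict. Values may contain
    spaces and '=' characters; a new key begins only at ' Word='."""
    return dict(re.findall(r"(\w+)=(.*?)(?= \w+=|$)", line))


def sysmon_hashes(field):
    """Sysmon writes Hashes as 'SHA256=...,MD5=...'; return {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if algo:
            out[algo.lower()] = value.lower()
    return out


def hunt(events):
    """Return (rule, image) pairs for every event matching a report indicator."""
    hits = []
    for line in events:
        ev = parse_event(line)
        eid = ev.get("EventID")
        image = ev.get("Image", "?")
        if eid == "1":
            h = sysmon_hashes(ev.get("Hashes", ""))
            if h.get("sha256") == IOC["sha256"] or h.get("md5") == IOC["md5"]:
                hits.append(("sample_hash", image))
        elif eid == "3":
            if (ev.get("DestinationIp") == IOC["c2_ip"]
                    and ev.get("DestinationPort") == str(IOC["c2_port"])):
                hits.append(("redline_c2", image))
        elif eid == "13":
            if RUN_KEY_RE.search(ev.get("TargetObject", "")):
                hits.append(("run_key_persistence", image))
    return hits


if __name__ == "__main__":
    for rule, image in hunt(SAMPLE_EVENTS):
        print(f"{rule:<22} {image}")
```

The C2 match is deliberately exact on both IP and port; RedLine operators reuse hosts with different ports for different builds, so matching on the IP alone is a reasonable broader hunt but will also surface unrelated builds. The Run-key rule is generic (it is not specific to this sample) and will fire on legitimate installers, so treat it as a pivot from the hash or C2 hit rather than a standalone alert.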