General

Target: 52262e15c3ffb2c7e0f8e5dc5bec36380b87db941e8f9eb7d5ac953e5755bd56
Size: 1.2MB
Sample: 241110-d1f3asydnp
MD5: 76893176aa3235c16805dca1ba9f3d33
SHA1: c2d443ce21269b3f8b29c91aa20dc90cf5a322f4
SHA256: 52262e15c3ffb2c7e0f8e5dc5bec36380b87db941e8f9eb7d5ac953e5755bd56
SHA512: 204d111d2abc896473398515e5e0cac44f3a8c9b7edcfce153fedde3f6b242041b5efe58db7856bdd6ea02fbabb19bb8485225aa8886b4cdca2aa6899b7dc1b0
SSDEEP: 24576:noAE92+mzXLkTpkNvet2T013Sa+Eu158ltYwQlVsdlUUULg:oAE92+aI20L3Y6akN
Static task: static1

Behavioral task: behavioral1
Sample: 52262e15c3ffb2c7e0f8e5dc5bec36380b87db941e8f9eb7d5ac953e5755bd56.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: 52262e15c3ffb2c7e0f8e5dc5bec36380b87db941e8f9eb7d5ac953e5755bd56.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets

Target: 52262e15c3ffb2c7e0f8e5dc5bec36380b87db941e8f9eb7d5ac953e5755bd56
Size: 1.2MB
MD5: 76893176aa3235c16805dca1ba9f3d33
SHA1: c2d443ce21269b3f8b29c91aa20dc90cf5a322f4
SHA256: 52262e15c3ffb2c7e0f8e5dc5bec36380b87db941e8f9eb7d5ac953e5755bd56
SHA512: 204d111d2abc896473398515e5e0cac44f3a8c9b7edcfce153fedde3f6b242041b5efe58db7856bdd6ea02fbabb19bb8485225aa8886b4cdca2aa6899b7dc1b0
SSDEEP: 24576:noAE92+mzXLkTpkNvet2T013Sa+Eu158ltYwQlVsdlUUULg:oAE92+aI20L3Y6akN
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)