General
-
Target
5335dc09cc8602258c3882d2251d60b26022b0610ccc0f7bb4b96b73ca142061
-
Size
1.0MB
-
Sample
241110-d1sq4aydpj
-
MD5
14ebe138736fe05d3a106d4f99172f71
-
SHA1
cab6b12627678b5594061cae4a9e70ea13cad490
-
SHA256
5335dc09cc8602258c3882d2251d60b26022b0610ccc0f7bb4b96b73ca142061
-
SHA512
6069706f9c0640063a6a91f0a551c6d54ab5bee3b7d70f22a985bfe9e86a75f0737464c277664328ddc8d84339c5b77c0a6925285bad1951d9cdbb02907d0427
-
SSDEEP
24576:+yx0q/zgW+6+HuRRJeqPkcDc/Gl3T/3B:N5+c/P8+
Static task
static1
Behavioral task
behavioral1
Sample
5335dc09cc8602258c3882d2251d60b26022b0610ccc0f7bb4b96b73ca142061.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
ramon
193.233.20.23:4123
-
auth_value
3197576965d9513f115338c233015b40
Targets
-
-
Target
5335dc09cc8602258c3882d2251d60b26022b0610ccc0f7bb4b96b73ca142061
-
Size
1.0MB
-
MD5
14ebe138736fe05d3a106d4f99172f71
-
SHA1
cab6b12627678b5594061cae4a9e70ea13cad490
-
SHA256
5335dc09cc8602258c3882d2251d60b26022b0610ccc0f7bb4b96b73ca142061
-
SHA512
6069706f9c0640063a6a91f0a551c6d54ab5bee3b7d70f22a985bfe9e86a75f0737464c277664328ddc8d84339c5b77c0a6925285bad1951d9cdbb02907d0427
-
SSDEEP
24576:+yx0q/zgW+6+HuRRJeqPkcDc/Gl3T/3B:N5+c/P8+
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1