General
Target: 19347e45d80139cc41ee65f63ed9ca373e013b037c0294bc4ef822e3fd1c23d4
Size: 688KB
Sample: 241110-d5zp7syenn
MD5: a6442f9700d025c8f7b4a7deac56e587
SHA1: d62a807087933d635e84e42b0617939952ae80e7
SHA256: 19347e45d80139cc41ee65f63ed9ca373e013b037c0294bc4ef822e3fd1c23d4
SHA512: 92af2b3fa95474b79ff192be0719b6eb15f0119c4c7628375318bb8132b349c7c352d4d114b7e7c394f6211fe88048db0556d7bcae87aef1f37912353e50b65f
SSDEEP: 12288:8Mr3y90jUOTP2jodwHQnQt/liCnIamVmY3KhvC+ko43x5YMBKbLn4lpUBw8AEd:byLC2Qk/xumY3f+F4hqMg3ks
Static task: static1
Behavioral task: behavioral1
Sample: 19347e45d80139cc41ee65f63ed9ca373e013b037c0294bc4ef822e3fd1c23d4.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: boris
C2: 193.233.20.32:4125
Attributes
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
Target: 19347e45d80139cc41ee65f63ed9ca373e013b037c0294bc4ef822e3fd1c23d4
Size: 688KB
MD5: a6442f9700d025c8f7b4a7deac56e587
SHA1: d62a807087933d635e84e42b0617939952ae80e7
SHA256: 19347e45d80139cc41ee65f63ed9ca373e013b037c0294bc4ef822e3fd1c23d4
SHA512: 92af2b3fa95474b79ff192be0719b6eb15f0119c4c7628375318bb8132b349c7c352d4d114b7e7c394f6211fe88048db0556d7bcae87aef1f37912353e50b65f
SSDEEP: 12288:8Mr3y90jUOTP2jodwHQnQt/liCnIamVmY3KhvC+ko43x5YMBKbLn4lpUBw8AEd:byLC2Qk/xumY3f+F4hqMg3ks
Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 hit
Create or Modify System Process (T1543): Windows Service (T1543.003), 1 hit
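The report's hashes, the extracted RedLine config (C2 host:port and auth_value) and the "Executes dropped EXE" plus "Adds Run key to start application" behaviour are the indicators a responder would sweep for. The script below is an added example written for this page; it is not tria.ge output and not code from the sample. The hashes and config values are copied from the report above; the byte buffers and Run-key entries in the demo are constructed inputs, the `DROP_DIRS` list is a heuristic assumption, and the choice to search for the bare host as well as host:port is an assumption about what may survive in memory, not a statement about RedLine's internal layout.

```python
"""IOC sweep built from this report's indicators.

Added example for this page, not tria.ge output and not code from the
sample. The hashes, C2 and auth_value below are copied from the report;
the byte buffers and Run-key entries in the demo are constructed inputs.
"""
import hashlib
from pathlib import Path

# File hashes of the analysed sample, from the report's General section.
REPORT_HASHES = {
    "md5": "a6442f9700d025c8f7b4a7deac56e587",
    "sha1": "d62a807087933d635e84e42b0617939952ae80e7",
    "sha256": "19347e45d80139cc41ee65f63ed9ca373e013b037c0294bc4ef822e3fd1c23d4",
}

# RedLine config as extracted by the sandbox (botnet "boris").
C2 = "193.233.20.32:4125"
AUTH_VALUE = "766b5bdf6dbefcf7ca223351952fc38f"

# Search terms derived from the config. The C2 is checked as host:port and as
# the bare host, since only the host may survive in memory once the port has
# been parsed out (an assumption about where the strings may appear, not a
# statement about RedLine's internal layout).
CONFIG_TERMS = {
    "c2": C2,
    "c2_host": C2.split(":")[0],
    "auth_value": AUTH_VALUE,
}

# User-writable locations where droppers typically place a second-stage EXE
# before registering it under a Run key (heuristic list, an assumption).
DROP_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\programdata\\",
)


def hash_bytes(data: bytes) -> dict:
    """Hex digests of data for every algorithm listed in REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_matches(data: bytes) -> list:
    """Algorithms whose digest of data equals the report's value for the sample."""
    digests = hash_bytes(data)
    return [name for name, want in REPORT_HASHES.items() if digests[name] == want]


def config_indicators(data: bytes) -> dict:
    """Map each config term found in data to the encoding it was found in.

    .NET binaries store string literals as UTF-16LE, while process memory or a
    decoded config may hold them as ASCII, so both encodings are tried.
    """
    hits = {}
    for label, text in CONFIG_TERMS.items():
        for enc in ("ascii", "utf-16-le"):
            if text.encode(enc) in data:
                hits[label] = enc
                break
    return hits


def suspicious_run_entries(run_values: dict) -> list:
    """Names of Run-key values whose command points into a DROP_DIRS location.

    This is the "Executes dropped EXE" + "Adds Run key to start application"
    pattern from the report. Heuristic only: some legitimate updaters also
    live under AppData, so treat a hit as a lead, not a verdict.
    """
    return [name for name, cmd in run_values.items()
            if any(d in cmd.lower() for d in DROP_DIRS)]


def sweep_file(path: str) -> dict:
    """Run both file-level checks on a quarantined file."""
    data = Path(path).read_bytes()
    return {"hash_matches": hash_matches(data), "config": config_indicators(data)}


if __name__ == "__main__":
    # Constructed inputs: a fake memory dump and a fake Run-key export.
    dump = b"\x00" * 16 + C2.encode("utf-16-le") + b"\x00" * 16
    print(config_indicators(dump))      # {'c2': 'utf-16-le', 'c2_host': 'utf-16-le'}
    print(hash_matches(dump))           # []
    run = {
        "OneDrive": "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background",
        "Updater": "C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe",
    }
    print(suspicious_run_entries(run))  # ['Updater']
```

Point `sweep_file` at a quarantined copy of the file or a process memory dump; a hash match confirms the exact sample, while a config hit without a hash match usually means a repacked build of the same campaign. The Run-key check expects the name-to-command mapping of `HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (or the HKLM equivalent) as exported from the host.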