General
-
Target
23b844de4ffac9a17750f17537a391c834da95a377102fd2c2caadc5c5a1d7cf
-
Size
550KB
-
Sample
241110-d6ndkaygkh
-
MD5
08f82a2a7624d2b636d356f21ca92bb1
-
SHA1
eff52f9c1c08eb8e3468518e5afb48d29f87ea0e
-
SHA256
23b844de4ffac9a17750f17537a391c834da95a377102fd2c2caadc5c5a1d7cf
-
SHA512
edb56ca37eac780a285c8f1f1b2de436fd428dc29d222d8455a2bfd8e2dcc970f5f30317315438f665f74ad7791b7a114e7d671c082cfca4cba9a1373bb471ed
-
SSDEEP
12288:sMroy90W4KcV+lGPZ78X4yA4mtN8nVkhsQRth88lMGqpddeB:UyGKcAE9qmrSkhVvKGEs
Static task
static1
Behavioral task
behavioral1
Sample
23b844de4ffac9a17750f17537a391c834da95a377102fd2c2caadc5c5a1d7cf.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
stek
melevv.eu:4162
-
auth_value
4205381daf6946b2df5fe3bc7eacc918
Targets
-
-
Target
23b844de4ffac9a17750f17537a391c834da95a377102fd2c2caadc5c5a1d7cf
-
Size
550KB
-
MD5
08f82a2a7624d2b636d356f21ca92bb1
-
SHA1
eff52f9c1c08eb8e3468518e5afb48d29f87ea0e
-
SHA256
23b844de4ffac9a17750f17537a391c834da95a377102fd2c2caadc5c5a1d7cf
-
SHA512
edb56ca37eac780a285c8f1f1b2de436fd428dc29d222d8455a2bfd8e2dcc970f5f30317315438f665f74ad7791b7a114e7d671c082cfca4cba9a1373bb471ed
-
SSDEEP
12288:sMroy90W4KcV+lGPZ78X4yA4mtN8nVkhsQRth88lMGqpddeB:UyGKcAE9qmrSkhVvKGEs
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1