General
Target: 513f3717e6e284445e084e3f9aff6db2d4ed528d759fd4880ddb486492b3ca20N
Size: 545KB
Sample: 241110-d6y53asjak
MD5: 421056d62466850911f8c474dbe057b0
SHA1: 272abfcbaf0378a53b28c23abce6c7bc2d2ef1dc
SHA256: 513f3717e6e284445e084e3f9aff6db2d4ed528d759fd4880ddb486492b3ca20
SHA512: 4c875cc786f03942a4ebba730f4944bb51e9f0592a4b20526f6e7af888f325ed4f7152f6d3ade31e68daff1df76fa526f7e3d379565310e1284ac1d12c3a4e09
SSDEEP: 12288:tMrCy900/xEeQD0GVR8A613R618MXAhXPWTBZ3E0KGokHRhia:7yra3RNs3R618BWTn3WnO39
Static task: static1
Behavioral task: behavioral1
Sample: 513f3717e6e284445e084e3f9aff6db2d4ed528d759fd4880ddb486492b3ca20N.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)