General
- Target: 4c0723a101c65e4f46bb9162298ab8306342f07456cbaff3b7bba9167eb72756
- Size: 656KB
- Sample: 241110-dgrppaxnes
- MD5: 357bbd5d499bbd07d5f8fe02669b3702
- SHA1: 36fdfe5b3b1da83841552d501065e14bafb63180
- SHA256: 4c0723a101c65e4f46bb9162298ab8306342f07456cbaff3b7bba9167eb72756
- SHA512: 76cd45d2c3c33882026b4613199a455257689cfae9d6b01f448dd6ce2611ce28ab69f9f1fec97574bf2e6d2b64e1873736f9e733a74d56dc11ada0cffdf49776
- SSDEEP: 12288:mMr1y90amVtat8fj65tQZBwe+3LNLSIasvvNbsurIsxwIpqti:rysrSUSeUlSa9wOIsWI1
Static task: static1
Behavioral task: behavioral1
- Sample: 4c0723a101c65e4f46bb9162298ab8306342f07456cbaff3b7bba9167eb72756.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
- Botnet: lint
- C2: 193.233.20.28:4125
- auth_value: 0e95262fb78243c67430f3148303e5b7
Targets
- Target: 4c0723a101c65e4f46bb9162298ab8306342f07456cbaff3b7bba9167eb72756
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)