General
Target: 186a3b4d636bfdb9732bdfab12453a1c08275a3536c665eb72ac92d35ca85484
Size: 479KB
Sample: 241110-dmyp7aybmm
MD5: 386b12230f299deb9e040cbf3e24bf29
SHA1: bea3f67e1fd9490a38c975baf2c30623df5898e8
SHA256: 186a3b4d636bfdb9732bdfab12453a1c08275a3536c665eb72ac92d35ca85484
SHA512: 178140ada5b05eb7d83b7d79bb902c678a2ee4a43eb0132fad35beaa8433c1aa1dca0fec061762596b274303556bdaef2e2e9a21f412c0b3727cacde6209f14c
SSDEEP: 12288:dMrSy90eUIJPVrmEAFQP70U5qitV8Z1nlD:by7UsmEnrtKD
Static task: static1
Behavioral task: behavioral1
Sample: 186a3b4d636bfdb9732bdfab12453a1c08275a3536c665eb72ac92d35ca85484.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: dease
C2: 217.196.96.101:4132
auth_value: 82e4d5f9abc21848e0345118814a4e6c
Targets
Target: 186a3b4d636bfdb9732bdfab12453a1c08275a3536c665eb72ac92d35ca85484
Size: 479KB
- Detects Healer, an antivirus-disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547), 1 match
  - Registry Run Keys / Startup Folder (T1547.001), 1 match
- Create or Modify System Process (T1543), 1 match
  - Windows Service (T1543.003), 1 match
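The script below is an added example, not part of the sandbox report and not code from the sandbox vendor or the malware author. It turns the indicators this page does give (the file hashes, the extracted C2 socket 217.196.96.101:4132, and the two persistence techniques from the ATT&CK section: a Run-key value set and a service ImagePath value set) into a small sweep over Sysmon-style JSON events. Every event record in SAMPLE_EVENTS is constructed for the demonstration: the paths, the SID, the dropped file name dropped.exe and the service name exampleSvc are placeholders, not values observed in the run; only the hashes and the C2 address come from the report. It assumes Sysmon is configured to log at least MD5 and SHA256 in the Hashes field (the HashAlgorithms setting), since the hash rule compares whatever algorithms appear there.

```python
"""Sweep constructed Sysmon-style events for the indicators on this page.

Hashes, the C2 socket and the two ATT&CK techniques come from the report
above; every event record in SAMPLE_EVENTS is constructed for illustration
(placeholder paths, file and service names), not telemetry from the run.
"""
import json
import re
from typing import Dict, Iterable, List

# Indicators taken from the report (lower-case hex for comparison).
SAMPLE_HASHES = {
    "MD5": "386b12230f299deb9e040cbf3e24bf29",
    "SHA1": "bea3f67e1fd9490a38c975baf2c30623df5898e8",
    "SHA256": "186a3b4d636bfdb9732bdfab12453a1c08275a3536c665eb72ac92d35ca85484",
}
C2_IP, C2_PORT = "217.196.96.101", 4132

# Registry locations behind T1547.001 (Run/RunOnce value set) and
# T1543.003 (a service's ImagePath value set).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
SERVICE_KEY_RE = re.compile(
    r"\\System\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE)


def parse_sysmon_hashes(field: str) -> Dict[str, str]:
    """Sysmon emits Hashes as 'MD5=...,SHA256=...'; map algorithm -> lower-case hex."""
    hashes = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            hashes[algo.strip().upper()] = value.strip().lower()
    return hashes


def sweep(events: Iterable[dict]) -> List[dict]:
    """Return one finding per event that matches a hash, the C2, or a persistence write."""
    findings = []
    for ev in events:
        image = ev.get("Image", "")
        eid = ev.get("EventID")
        if eid == 1:  # ProcessCreate: compare the reported file hashes
            seen = parse_sysmon_hashes(ev.get("Hashes", ""))
            hits = [algo for algo, digest in SAMPLE_HASHES.items() if seen.get(algo) == digest]
            if hits:
                findings.append({"rule": "known-sample-hash", "match": ",".join(sorted(hits)), "image": image})
        elif eid == 3:  # NetworkConnect: exact C2 socket from the extracted config
            if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
                findings.append({"rule": "redline-c2-connect", "match": f"{C2_IP}:{C2_PORT}", "image": image})
        elif eid == 13:  # RegistryEvent (value set): persistence locations only
            target = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                findings.append({"rule": "T1547.001-run-key", "match": target, "image": image})
            elif SERVICE_KEY_RE.search(target):
                findings.append({"rule": "T1543.003-service-imagepath", "match": target, "image": image})
    return findings


def load_events(text: str) -> List[dict]:
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed events (placeholder paths and names): one matching and one
# benign record per event type, plus a registry write to a non-persistence
# key that must not fire.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Users\\user\\Downloads\\186a3b4d636bfdb9732bdfab12453a1c08275a3536c665eb72ac92d35ca85484.exe", "Hashes": "MD5=386B12230F299DEB9E040CBF3E24BF29,SHA256=186A3B4D636BFDB9732BDFAB12453A1C08275A3536C665EB72AC92D35CA85484"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "Hashes": "MD5=00000000000000000000000000000000,SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe", "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped", "Details": "C:\\Users\\user\\AppData\\Roaming\\dropped.exe"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\services.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\exampleSvc\\ImagePath", "Details": "C:\\ProgramData\\example.exe"}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}
{"EventID": 3, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe", "DestinationIp": "217.196.96.101", "DestinationPort": "4132"}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "8.8.8.8", "DestinationPort": "53"}
"""

if __name__ == "__main__":
    for finding in sweep(load_events(SAMPLE_EVENTS)):
        print(json.dumps(finding))
```

The hash and C2 rules are exact-match indicators and go stale as soon as the operator rebuilds or moves infrastructure; the two registry rules are the durable part, and the service rule in particular also fires on legitimate installers, so treat each hit as a lead to pivot on the writing process (the Image field) rather than as a verdict.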