General
- Target: 42d9871044423418b99116be419b29d27675ca37d0abde1b398e1029bab62447
- Size: 787KB
- Sample: 241110-dnznwaxpgv
- MD5: 7a7a25999689db2f7c96fbf52d6ed7bc
- SHA1: c5bc42070b267226413a9251a014030db6e617fc
- SHA256: 42d9871044423418b99116be419b29d27675ca37d0abde1b398e1029bab62447
- SHA512: e13bd9536a9226f4b322276a915ec595e8aee16ac8bd92e1438ac992248e5140c6d995250fe3f55d5079e9d6e146614d9d34978600de670d083964d7e2fc1396
- SSDEEP: 24576:6yoPQrG/zvBPB3VhKF3f1FnIC617Kweipy:Bu/zBPFaNFG17Kfe

Static task: static1
Behavioral task: behavioral1
- Sample: 42d9871044423418b99116be419b29d27675ca37d0abde1b398e1029bab62447.exe
- Resource: win10v2004-20241007-en

Malware Config
Extracted
- redline
- mango
- 193.233.20.28:4125
- auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
- Target: 42d9871044423418b99116be419b29d27675ca37d0abde1b398e1029bab62447 (size and hashes as listed under General above)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)