General
-
Target
76291f6192fec55654a502f9af5dc01fcefa8a3b9c400babae6970cc4886d57c
-
Size
694KB
-
Sample
241110-dwgg9sxrat
-
MD5
cf6a30a9521a99016576e595511ae9b6
-
SHA1
2a29fa7825d5a3268b23ac6e4bb7dec33c598e1b
-
SHA256
76291f6192fec55654a502f9af5dc01fcefa8a3b9c400babae6970cc4886d57c
-
SHA512
d218621853e8c997cb758853a3bf3f7824fa07b5942897b517824c5ed41380d7ade3c8281f3ce9b945b3c48cc2ea1aefab946a5c3d0dab3f6ac629cdf594d78d
-
SSDEEP
12288:UMrry90+jAgJHDSukNxd0K2+xtpg0wiVcAaj8NMNYaTjRp0er6BLs0c:nyvDjrUxub+xtpgoVGyMN13YDIJ
Static task
static1
Behavioral task
behavioral1
Sample
76291f6192fec55654a502f9af5dc01fcefa8a3b9c400babae6970cc4886d57c.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Targets
-
-
Target
76291f6192fec55654a502f9af5dc01fcefa8a3b9c400babae6970cc4886d57c
-
Size
694KB
-
MD5
cf6a30a9521a99016576e595511ae9b6
-
SHA1
2a29fa7825d5a3268b23ac6e4bb7dec33c598e1b
-
SHA256
76291f6192fec55654a502f9af5dc01fcefa8a3b9c400babae6970cc4886d57c
-
SHA512
d218621853e8c997cb758853a3bf3f7824fa07b5942897b517824c5ed41380d7ade3c8281f3ce9b945b3c48cc2ea1aefab946a5c3d0dab3f6ac629cdf594d78d
-
SSDEEP
12288:UMrry90+jAgJHDSukNxd0K2+xtpg0wiVcAaj8NMNYaTjRp0er6BLs0c:nyvDjrUxub+xtpgoVGyMN13YDIJ
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1