General
Target: 3c337f363067f1fa31e288c4a3aa0c9f070d3997b92bea283659659c85cec27c
Size: 385KB
Sample: 241110-ebjybssjhl
MD5: 3182277541120cbc3808e4a7f044749f
SHA1: 1f6b4004c282ddf6ed65cf28fb3a23ad46472ca1
SHA256: 3c337f363067f1fa31e288c4a3aa0c9f070d3997b92bea283659659c85cec27c
SHA512: 9fd30094ed7137ab4ecf10e453badf5ab1bda915c356d6fbd1d55834a31dfe228016022eda6519ea0f9055ece17cdbdf1b7a3f77ca21542f543b3cd4f5225b24
SSDEEP: 6144:K/y+bnr+Jp0yN90QE8PtBbHBZaaj/cwQc4VsbzTEIowF1ikpi1X0LAN/:NMrVy90AtBLBt/cwlsWzTEItpi1X0a

Static task: static1
Behavioral task: behavioral1
Sample: 3c337f363067f1fa31e288c4a3aa0c9f070d3997b92bea283659659c85cec27c.exe
Resource: win10v2004-20241007-en

Malware Config
Extracted
redline
mango
193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23

Targets
Target: 3c337f363067f1fa31e288c4a3aa0c9f070d3997b92bea283659659c85cec27c
Size: 385KB
MD5: 3182277541120cbc3808e4a7f044749f
SHA1: 1f6b4004c282ddf6ed65cf28fb3a23ad46472ca1
SHA256: 3c337f363067f1fa31e288c4a3aa0c9f070d3997b92bea283659659c85cec27c
SHA512: 9fd30094ed7137ab4ecf10e453badf5ab1bda915c356d6fbd1d55834a31dfe228016022eda6519ea0f9055ece17cdbdf1b7a3f77ca21542f543b3cd4f5225b24
SSDEEP: 6144:K/y+bnr+Jp0yN90QE8PtBbHBZaaj/cwQc4VsbzTEIowF1ikpi1X0LAN/:NMrVy90AtBLBt/cwlsWzTEItpi1X0a

Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)