General
Target: abd35587a0ef8bc52ea5f570828f01fcb97343046f14560ace9cb3769083ee08
Size: 705KB
Sample: 241110-ejnw9ayhjn
MD5: b1b47c7d2d2507d83cd3ed9357b886f1
SHA1: b80f829b7d168ef5204583897917cb0d707caa70
SHA256: abd35587a0ef8bc52ea5f570828f01fcb97343046f14560ace9cb3769083ee08
SHA512: 9e16886943c60dd5d5d3d1fe44f07a831502f91fa8bb8cedda0d12b914341e68c35eaec265ddce6991b996a74b01f3ab7f52202e5319228a7d7dc61a344c7b70
SSDEEP: 12288:DMrjy90ows7asnRGeqqi4qgAMvnzqgtG0YHmfx/5LCaXd4A9Vhrp0vC:Qy7wsHzqqfqgAM/egtlNfx/5LCaOA9PJ
Static task: static1
Behavioral task: behavioral1
Sample: abd35587a0ef8bc52ea5f570828f01fcb97343046f14560ace9cb3769083ee08.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
ronam
193.233.20.17:4139
auth_value: 125421d19d14dd7fd211bc7f6d4aea6c
Targets
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1) > Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1) > Windows Service (1)