General
Target: f58ffb91e59e6eec2c0894e1fe38f1fbadfd7f58d054a5069e2621a5d78a2024
Size: 409KB
Sample: 241110-ekhrmaslel
MD5: 5b6a145e7d11d5bdfeea12459424947a
SHA1: dae42123cf92b0215059d07ce35ae598396edcfb
SHA256: f58ffb91e59e6eec2c0894e1fe38f1fbadfd7f58d054a5069e2621a5d78a2024
SHA512: e068a3d8184074fdc927f9e1c14d55d88a7eda056c7210c8711ba0b5e0fb5687e94bcb4d7e8c1b4585c033860a44143ab586a9fcdde91fce724469773eb15c02
SSDEEP: 12288:0Mrmy90EsxOxDmS4wzBrfbVPcVIMhyhuGypK:6y2xkBXzxDVUVIK3pK
Static task: static1
Behavioral task: behavioral1
Sample: f58ffb91e59e6eec2c0894e1fe38f1fbadfd7f58d054a5069e2621a5d78a2024.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: f58ffb91e59e6eec2c0894e1fe38f1fbadfd7f58d054a5069e2621a5d78a2024 (size and hashes as listed under General above)
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
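A practitioner pulling indicators out of this report usually wants to check files and telemetry against them. The Python below is an added example, not part of the sandbox report or of the sample it describes: it hashes a file and compares the result with the MD5/SHA1/SHA256/SHA512 listed above, parses the extracted C2 endpoint, and flags registry paths under the autostart Run/RunOnce keys that the "Adds Run key to start application" signature (T1547.001) refers to. The hash values, C2 endpoint and auth_value are copied from the report; the function names, the Run-key pattern, the constructed test bytes and the sample registry paths are my own assumptions, since the report names no specific key or value.

```python
"""Match files and telemetry against the indicators in the report above.

Added example, not part of the report. Hash values, C2 endpoint and
auth_value are copied from the report; everything else is constructed.
"""
import hashlib
import ipaddress
import re
import tempfile
from pathlib import Path

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "5b6a145e7d11d5bdfeea12459424947a",
    "sha1": "dae42123cf92b0215059d07ce35ae598396edcfb",
    "sha256": "f58ffb91e59e6eec2c0894e1fe38f1fbadfd7f58d054a5069e2621a5d78a2024",
    "sha512": (
        "e068a3d8184074fdc927f9e1c14d55d88a7eda056c7210c8711ba0b5e0fb5687"
        "e94bcb4d7e8c1b4585c033860a44143ab586a9fcdde91fce724469773eb15c02"
    ),
}
REDLINE_C2 = "193.233.20.28:4125"
REDLINE_AUTH_VALUE = "ecf79d7f5227d998a3501c972d915d23"

# Autostart locations behind the "Adds Run key to start application" signature
# (ATT&CK T1547.001). The pattern is mine; the report names no specific key or value.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)(\\|$)", re.IGNORECASE
)


def hash_bytes(data: bytes) -> dict[str, str]:
    """Hex digests of in-memory data for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Same digests for a file, streamed so large samples are not read into memory."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matched_hashes(digests: dict[str, str]) -> list[str]:
    """Names of the algorithms whose digest equals the report's value."""
    return sorted(
        name for name, value in digests.items()
        if SAMPLE_HASHES.get(name) == value.lower()
    )


def check_file(path) -> dict:
    """Hash a file and report which of the listed digests it matches."""
    digests = hash_file(path)
    matched = matched_hashes(digests)
    return {"path": str(path), "digests": digests, "matched": matched,
            "is_sample": len(matched) == len(SAMPLE_HASHES)}


def parse_c2(endpoint: str) -> tuple[str, int]:
    """Split a host:port C2 string and validate both halves."""
    host, sep, port = endpoint.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {endpoint!r}")
    ipaddress.ip_address(host)  # raises ValueError on a malformed address
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port_num}")
    return host, port_num


def is_run_key(registry_path: str) -> bool:
    """True for HKCU/HKLM ...\\CurrentVersion\\Run or RunOnce paths."""
    return bool(RUN_KEY_RE.search(registry_path))


def demo_constructed_file() -> dict:
    """Hash a constructed (non-malicious) file; it must not match the sample."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "constructed.bin"
        path.write_bytes(b"MZ constructed test bytes, not the RedLine sample\n" * 64)
        return check_file(path)


if __name__ == "__main__":
    print(check_file(__file__))
    print(parse_c2(REDLINE_C2))
    print(is_run_key(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"))
```

A SHA256 match alone is sufficient to identify this exact file; the other digests are kept because feeds and tickets often carry only MD5 or SHA1. The SSDEEP value is deliberately not compared here, since fuzzy matching needs the ssdeep library and a similarity threshold, and a fuzzy hit on a 409KB .NET stealer is not the same as a confirmed sample.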