General

Target: 25a35d1152bcc52f44179b71ab82c9d93d188ae715a0b91bdd39a3203d48a065
Size: 696KB
Sample: 241111-grrdfsthpp
MD5: f7532414a9b0dc8200cff751ec9104b1
SHA1: 50802d383306f656be228c7117ff8ac2645dd0ef
SHA256: 25a35d1152bcc52f44179b71ab82c9d93d188ae715a0b91bdd39a3203d48a065
SHA512: f4ea6e97b30b79dd12dd4d8375de0f121c94857f6dc0884ddff07b1c69f3847e7b242cf1378f70c1451d2ba47218d90603915704531b263fa019e9c153657151
SSDEEP: 12288:nMrsy90XTuX7J4ZK3HN3EAooK2+8tqg0wiDcOcjq8aHXeMz0hE7ROjLBx:XyWuXFI6tUdob+8tqgoDVciHum0hyOjz
Static task: static1
Behavioral task: behavioral1
Sample: 25a35d1152bcc52f44179b71ab82c9d93d188ae715a0b91bdd39a3203d48a065.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets

Target: 25a35d1152bcc52f44179b71ab82c9d93d188ae715a0b91bdd39a3203d48a065
Size: 696KB
MD5: f7532414a9b0dc8200cff751ec9104b1
SHA1: 50802d383306f656be228c7117ff8ac2645dd0ef
SHA256: 25a35d1152bcc52f44179b71ab82c9d93d188ae715a0b91bdd39a3203d48a065
SHA512: f4ea6e97b30b79dd12dd4d8375de0f121c94857f6dc0884ddff07b1c69f3847e7b242cf1378f70c1451d2ba47218d90603915704531b263fa019e9c153657151
SSDEEP: 12288:nMrsy90XTuX7J4ZK3HN3EAooK2+8tqg0wiDcOcjq8aHXeMz0hE7ROjLBx:XyWuXFI6tUdob+8tqgoDVciHum0hyOjz
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)