General
Target: 66ac3ce285382263415e72e5a23af7453a1046e4e077e260ca43dafd0023f924
Size: 1.0MB
Sample: 241111-gtxy1stlgy
MD5: 99222bba53687e163c06e6abfa10ba77
SHA1: 831ef02167dceaf09f94a6f29b5215e730c83980
SHA256: 66ac3ce285382263415e72e5a23af7453a1046e4e077e260ca43dafd0023f924
SHA512: 902f691558aac0a54f42ac2836d9d314fd60ee951da75e35eb11fa7a712c27e628232758fd9d3fd9034d193d4bd76a6112a67d2e0619fd1451dccdbef0999764
SSDEEP: 24576:FyAktvFCJHtkAXwWaVn4d4rkDsgJ1OunKa6seT5+UnCK:gXtdCptkGwWu78sgq90U
Static task: static1
Behavioral task: behavioral1
Sample: 66ac3ce285382263415e72e5a23af7453a1046e4e077e260ca43dafd0023f924.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted:
redline
ramon
193.233.20.23:4123
auth_value: 3197576965d9513f115338c233015b40
Targets
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)