General
Target: 8963ae1339cdd1d4b7154da71b6f2a3bd85fd5c9631b346cec84f1ebb841c51a
Size: 1.1MB
Sample: 241111-gv8rxavakq
MD5: e284306e12dcdacb9fa53162790a18b0
SHA1: 20f1b82a6a9fd5e0f23d3725b789decb16405ca4
SHA256: 8963ae1339cdd1d4b7154da71b6f2a3bd85fd5c9631b346cec84f1ebb841c51a
SHA512: f15f14dec9256f499526c96d6e87706a18255a10f7366ca63c957d30c78e2576ff68d4d55193d0ab85fdf71db57397e3f0b8e676169c21fd22fc0e0964099e77
SSDEEP: 24576:Ny/bgqL1SN8ELd0Ubhi0dNPjHWIAwb03rAehy/3Sc7jPNG:ozh1SK2d0chi0dNPaRDI57jF
Static task: static1
Behavioral task: behavioral1
Sample: 8963ae1339cdd1d4b7154da71b6f2a3bd85fd5c9631b346cec84f1ebb841c51a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: ramon
C2: 193.233.20.23:4123
auth_value: 3197576965d9513f115338c233015b40
Targets
Target: 8963ae1339cdd1d4b7154da71b6f2a3bd85fd5c9631b346cec84f1ebb841c51a (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
RedLine family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution, T1547 (1): Registry Run Keys / Startup Folder, T1547.001 (1)
Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)
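The extracted config (C2 193.233.20.23:4123) and the "Executes dropped EXE" / "Adds Run key to start application" signatures above give an analyst three concrete things to hunt for. The script below is an added example, not part of the sandbox report or the sandbox's own detection logic: it takes the C2 endpoint and the sample's SHA256 from the report and runs them over Zeek conn.log rows and Sysmon EventData dicts. The log rows, the Sysmon events, the hostnames, paths and SID are constructed for the demo; the Run-key and user-writable-directory patterns are the author's own heuristics for T1547.001, not values from the report.

```python
"""Hunt for this report's RedLine indicators in host and network telemetry.

Added example; not part of the sandbox report. Indicator values (C2, hashes)
are copied from the report above. The conn.log rows and Sysmon events below
are constructed for the demo and are not from the report.
"""
import re
from dataclasses import dataclass

# From the report's extracted config and hash block.
C2_HOST = "193.233.20.23"
C2_PORT = "4123"
SAMPLE_SHA256 = "8963ae1339cdd1d4b7154da71b6f2a3bd85fd5c9631b346cec84f1ebb841c51a"

# Run/RunOnce keys under any hive root (HKLM, HKU\<SID>), 32- and 64-bit views.
# Covers the "Adds Run key to start application" behaviour (ATT&CK T1547.001).
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)
# Where a dropped EXE usually lands before being registered for autostart (heuristic).
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    source: str
    rule: str
    detail: str


def hunt_conn_log(lines):
    """Flag TCP connections to the extracted C2 in Zeek conn.log rows.

    Rows are tab-separated: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, ...
    """
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
        if resp_h == C2_HOST and resp_p == C2_PORT and proto == "tcp":
            findings.append(Finding("conn.log", "redline_c2_connection",
                                    f"{orig_h}:{orig_p} -> {resp_h}:{resp_p} uid={uid} ts={ts}"))
    return findings


def hunt_sysmon(events):
    """Flag two host behaviours from Sysmon EventData dicts.

    EventID 1 (process create) whose SHA256 is the sample: the dropped EXE ran.
    EventID 13 (registry value set) that writes a Run/RunOnce value pointing
    at a user-writable directory: autostart persistence.
    """
    findings = []
    for ev in events:
        if ev.get("EventID") == 1:
            hashes = dict(kv.split("=", 1) for kv in ev.get("Hashes", "").split(",") if "=" in kv)
            if hashes.get("SHA256", "").lower() == SAMPLE_SHA256:
                findings.append(Finding("sysmon", "sample_executed", ev.get("Image", "")))
        elif ev.get("EventID") == 13:
            target, details = ev.get("TargetObject", ""), ev.get("Details", "")
            if RUN_KEY_RE.search(target) and USER_WRITABLE_RE.search(details):
                findings.append(Finding("sysmon", "run_key_persistence",
                                        f"{target} = {details} (by {ev.get('Image', '')})"))
    return findings


# Constructed telemetry (not from the report): one C2 hit, one decoy to the
# same IP on UDP/53, one ordinary HTTPS flow.
CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1731312001.1\tCx1a\t10.0.0.15\t49712\t193.233.20.23\t4123\ttcp",
    "1731312002.4\tCx1b\t10.0.0.15\t49713\t203.0.113.10\t443\ttcp",
    "1731312003.9\tCx1c\t10.0.0.22\t53001\t193.233.20.23\t53\tudp",
]
SYSMON_EVENTS = [
    {"EventID": 1,  # constructed: the sample launched from a temp directory
     "Image": r"C:\Users\victim\AppData\Local\Temp\8963ae1339cdd1d4b7154da71b6f2a3bd85fd5c9631b346cec84f1ebb841c51a.exe",
     "Hashes": "MD5=e284306e12dcdacb9fa53162790a18b0,SHA1=20f1b82a6a9fd5e0f23d3725b789decb16405ca4,"
               "SHA256=" + SAMPLE_SHA256},
    {"EventID": 13,  # constructed: Run value pointing into the user's roaming profile
     "Image": r"C:\Users\victim\AppData\Local\Temp\8963ae1339cdd1d4b7154da71b6f2a3bd85fd5c9631b346cec84f1ebb841c51a.exe",
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"EventID": 13,  # constructed benign case: installer registering a Program Files binary
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
]


def hunt_all():
    """Run both hunts over the constructed telemetry; returns findings in order."""
    return hunt_conn_log(CONN_LOG) + hunt_sysmon(SYSMON_EVENTS)


if __name__ == "__main__":
    for f in hunt_all():
        print(f"[{f.source}] {f.rule}: {f.detail}")
```

The C2 match requires IP, port and TCP together so that unrelated traffic to the same address (the UDP/53 decoy row) is not flagged; the Run-key rule pairs the key path with a user-writable target path so that legitimate installers writing Program Files paths stay out of the findings. Both thresholds are choices for this demo and should be tuned to the environment.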