General
Target: e516ad2c4d0193599674a9dda333bd8c6d7f7ca091a59c22eef30e594864026b
Size: 1.4MB
Sample: 241111-hftj4svgma
MD5: 8cb4774e6ba6a70a34acebf5b3215800
SHA1: 0cf32474c576059f1c9ba8b9e38a44accb9ccd53
SHA256: e516ad2c4d0193599674a9dda333bd8c6d7f7ca091a59c22eef30e594864026b
SHA512: ce78ade641c2db8873ca9ee411348961e02d2cc82c2d9d74329a1c32aec15d8dee6633f141a78bfd3448795fa2fcd544890ce011d2531f2a4916b8a59ecb8b0e
SSDEEP: 24576:fy0O9AKOQ5KhFW/8rrE+otuBrvWwUpxF9zA8zm5gm56wkvxsfI+jXVPIr:q0+IfETtYvWwUvFpLzmiwkvqfnjl
Static task: static1
Behavioral task: behavioral1
Sample: e516ad2c4d0193599674a9dda333bd8c6d7f7ca091a59c22eef30e594864026b.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
mask
217.196.96.56:4138
auth_value: 31aef25be0febb8e491794ef7f502c50
Targets
Target: e516ad2c4d0193599674a9dda333bd8c6d7f7ca091a59c22eef30e594864026b
Size: 1.4MB
MD5: 8cb4774e6ba6a70a34acebf5b3215800
SHA1: 0cf32474c576059f1c9ba8b9e38a44accb9ccd53
SHA256: e516ad2c4d0193599674a9dda333bd8c6d7f7ca091a59c22eef30e594864026b
SHA512: ce78ade641c2db8873ca9ee411348961e02d2cc82c2d9d74329a1c32aec15d8dee6633f141a78bfd3448795fa2fcd544890ce011d2531f2a4916b8a59ecb8b0e
SSDEEP: 24576:fy0O9AKOQ5KhFW/8rrE+otuBrvWwUpxF9zA8zm5gm56wkvxsfI+jXVPIr:q0+IfETtYvWwUvFpLzmiwkvqfnjl
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1