General
Target: 86ab9997b0fff40cad0bd8da50418a4bae460838b2c9168e27d08bfb1f154aca
Size: 689KB
Sample: 241111-hgmg7atphv
MD5: 69bac87edb43173431bffc7a3ca3a454
SHA1: adeee138c5fd5abaf8345b5f0f71d2e116219383
SHA256: 86ab9997b0fff40cad0bd8da50418a4bae460838b2c9168e27d08bfb1f154aca
SHA512: 26edd73cb4a8cdd8e05f377430d4ca416978ee8f15f6b7b691247c9929e8268a4b5191b2daad4ee2bbac84e0a37810e61450197a143c8677bb59a498e8a82099
SSDEEP: 12288:dMrwy90H2ClvcAg1TFcI3yqOGyJjj90hGEzj1MtQfizIo43xRYMMKbi9Qewcj:Ny4lEAIFcIi1GCjjMLaD4hyM9O9QG
Static task: static1
Behavioral task: behavioral1
Sample: 86ab9997b0fff40cad0bd8da50418a4bae460838b2c9168e27d08bfb1f154aca.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
Target: 86ab9997b0fff40cad0bd8da50418a4bae460838b2c9168e27d08bfb1f154aca
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1