General
-
Target
c28b71d62c7875261590da26e4271f0f682faaea6cfb83192f74cd4e0d50b3e5
-
Size
721KB
-
Sample
241111-hn19xstrb1
-
MD5
cb33d2aafdeaeca45715c8042989ec57
-
SHA1
ed79954fabd7995e33ce200f272a651055bef695
-
SHA256
c28b71d62c7875261590da26e4271f0f682faaea6cfb83192f74cd4e0d50b3e5
-
SHA512
70252ef4d8e3bc040d05265d033d98251adaa4ade99059cc7c89066f57294184923836a0f7023abec97a6280ee8e46b00b98c72978700c3f11c90c6ac1213bda
-
SSDEEP
12288:jE3ieHoOpxJokeOBsPjWw+1CJBEWQuaG6vRIo3EUz3yzXF8cs9rZu:36oOfJomiZ+1tTfZP3EiizORrk
Static task
static1
Behavioral task
behavioral1
Sample
c28b71d62c7875261590da26e4271f0f682faaea6cfb83192f74cd4e0d50b3e5.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c28b71d62c7875261590da26e4271f0f682faaea6cfb83192f74cd4e0d50b3e5.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Family
redline
Botnet
boris
C2
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Targets
-
-
Target
c28b71d62c7875261590da26e4271f0f682faaea6cfb83192f74cd4e0d50b3e5
-
Detects Healer, an antivirus-disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
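The signatures above (C2 traffic to the extracted address, a dropped executable, a Run key added for persistence) translate directly into host-telemetry checks. The following is an added example, not part of the sandbox report: it carries the report's hashes and C2 endpoint as indicators and runs them over a few constructed Sysmon-style log lines (EventID 3 network connections and EventID 13 registry value sets, written here in a simplified key=value form, an assumption about log layout rather than real telemetry from this sample).

```python
"""Match this report's indicators against constructed Sysmon-style log lines.
Added example; the log lines and their key=value layout are constructed."""
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "cb33d2aafdeaeca45715c8042989ec57",
    "sha1": "ed79954fabd7995e33ce200f272a651055bef695",
    "sha256": "c28b71d62c7875261590da26e4271f0f682faaea6cfb83192f74cd4e0d50b3e5",
}
C2_HOST = "193.233.20.32"
C2_PORT = 4125

# Matches the HKCU/HKLM ...\CurrentVersion\Run and RunOnce keys
# ("Adds Run key to start application" in the report).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)

# Constructed sample telemetry (assumption: simplified key=value rendering of
# Sysmon EventID 3 = network connect, EventID 13 = registry value set).
SAMPLE_LOGS = [
    "EventID=3 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe "
    "DestinationIp=193.233.20.32 DestinationPort=4125",
    "EventID=13 Image=C:\\Users\\victim\\AppData\\Roaming\\updater.exe "
    "TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater "
    "Details=C:\\Users\\victim\\AppData\\Roaming\\updater.exe",
    "EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe "
    "DestinationIp=142.250.74.78 DestinationPort=443",
    "EventID=13 Image=C:\\Windows\\explorer.exe "
    "TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden "
    "Details=DWORD (0x00000001)",
]

KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_kv(line):
    """Split a key=value line into a dict; values may contain spaces."""
    return dict(KV_RE.findall(line))


def file_hashes(data):
    """MD5/SHA1/SHA256 of a byte string, in the same form as the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data):
    """True if any digest of the given bytes equals one of the report's hashes."""
    computed = file_hashes(data)
    return any(computed[k] == v for k, v in IOC_HASHES.items())


def classify(line):
    """Return the list of report signatures a single log line triggers."""
    ev = parse_kv(line)
    hits = []
    if ev.get("EventID") == "3":
        if ev.get("DestinationIp") == C2_HOST and int(ev.get("DestinationPort", 0)) == C2_PORT:
            hits.append("c2_connection")
    elif ev.get("EventID") == "13":
        if RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append("run_key_persistence")
    return hits


def scan(lines):
    """Return (line index, hits) for every line that triggers at least one signature."""
    return [(i, classify(l)) for i, l in enumerate(lines) if classify(l)]


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOGS):
        print(idx, hits, SAMPLE_LOGS[idx][:60])
```

The hash check is exact-match only; a repacked build of the same stealer will not share these digests, so pair it with the network and registry signatures rather than relying on it alone. The Run key rule deliberately also covers RunOnce and ignores case, since the registry path is case-insensitive.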
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1