General

Target: fff248229971b47a2b88eefbecb6ce2fdefd49c4fc590452a4885cab23511799
Size: 1.1MB
Sample: 241111-hs93matrg1
MD5: b6576769326f59a037383cef4df295b1
SHA1: d5b061d516753922fb19608cef810e713c8b7acd
SHA256: fff248229971b47a2b88eefbecb6ce2fdefd49c4fc590452a4885cab23511799
SHA512: e211dd05858c407a6f59e49c1fb784bed0495c1fc8da7dfc6668c51a665702777243a87bc1519ca9f779cc6d71ed170ff6956a568d0594dee6ff19e85da1a3a8
SSDEEP: 12288:rMroy90r4TVUAXAyYkDF//Hrl57wOCIqZ0vcMeLu4Iu9ma78IUfdVYdT89h5DLoh:DyQSVJlY6h57wOQkX4maXsdD9nLB2ck
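Before analysing or sharing the sample, confirm that the file in hand is the one this report describes. The Python below is an added example, not part of the report or of any tooling it mentions: it digests a file in one streamed pass and compares all four published hashes, returning the names of any that do not match. SSDEEP is left out because it needs a third-party library; the `chunks` interface exists so the same function serves an in-memory byte string and a large file.

```python
"""Verify a local sample against the hashes published in this report."""
import hashlib
import sys
from typing import Dict, Iterable, List

# Hash values copied from the report above (lower-case hex).
REPORT_HASHES: Dict[str, str] = {
    "md5": "b6576769326f59a037383cef4df295b1",
    "sha1": "d5b061d516753922fb19608cef810e713c8b7acd",
    "sha256": "fff248229971b47a2b88eefbecb6ce2fdefd49c4fc590452a4885cab23511799",
    "sha512": (
        "e211dd05858c407a6f59e49c1fb784bed0495c1fc8da7dfc6668c51a665702777243a87b"
        "c1519ca9f779cc6d71ed170ff6956a568d0594dee6ff19e85da1a3a8"
    ),
}


def compute_hashes(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four digests so the file is read only once."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for digest in digests.values():
            digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file from disk in 1 MiB chunks; fine for multi-GB inputs."""
    with open(path, "rb") as fh:
        return compute_hashes(iter(lambda: fh.read(chunk_size), b""))


def verify(actual: Dict[str, str], expected: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Return the algorithms whose digest differs from the report; [] means a match."""
    return [
        name
        for name, value in expected.items()
        if actual.get(name, "").lower() != value.lower()
    ]


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    mismatched = verify(hash_file(sys.argv[1]))
    if mismatched:
        print("NOT the reported sample; mismatched:", ", ".join(mismatched))
        sys.exit(1)
    print("All four hashes match the report.")
```

A single matching algorithm is not enough on its own: compare all four, since a file that only reproduces the MD5 could be a collision rather than the sample.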
Static task: static1
Behavioral task: behavioral1
Sample: fff248229971b47a2b88eefbecb6ce2fdefd49c4fc590452a4885cab23511799.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: ramon
C2: 193.233.20.23:4123
auth_value: 3197576965d9513f115338c233015b40
Targets

Target: fff248229971b47a2b88eefbecb6ce2fdefd49c4fc590452a4885cab23511799
Size: 1.1MB
MD5: b6576769326f59a037383cef4df295b1
SHA1: d5b061d516753922fb19608cef810e713c8b7acd
SHA256: fff248229971b47a2b88eefbecb6ce2fdefd49c4fc590452a4885cab23511799
SHA512: e211dd05858c407a6f59e49c1fb784bed0495c1fc8da7dfc6668c51a665702777243a87bc1519ca9f779cc6d71ed170ff6956a568d0594dee6ff19e85da1a3a8
SSDEEP: 12288:rMroy90r4TVUAXAyYkDF//Hrl57wOCIqZ0vcMeLu4Iu9ma78IUfdVYdT89h5DLoh:DyQSVJlY6h57wOQkX4maXsdD9nLB2ck

- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
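The extracted config (C2 address), the behaviour signatures (executes dropped EXE, adds Run key) and the ATT&CK mapping above together describe what to hunt for on an endpoint. The Python below is an added example, not code from the report, the sandbox, or the malware: it runs that hunt over constructed Sysmon-style events (EventID 1 process create, 3 network connect, 11 file create, 13 registry value set), correlating the file-create and process-create events so "executes dropped EXE" is detected as a sequence rather than a single indicator. Only the C2 address, the sample SHA256 and the Run key technique (T1547.001) come from the report; the dropped file name, user SID, process ids and the benign browser connection are assumptions. The Windows Service technique listed above is not modelled, since the report gives no event detail for it.

```python
"""Hunt for the behaviours in this report across Sysmon-style events (added example)."""
from typing import Dict, List

# Observables taken from the report above.
C2_IP, C2_PORT = "193.233.20.23", 4123
SAMPLE_SHA256 = "fff248229971b47a2b88eefbecb6ce2fdefd49c4fc590452a4885cab23511799"
# Substring that identifies a per-user or machine Run key (compared lower-case).
RUN_KEY_MARKER = "\\microsoft\\windows\\currentversion\\run\\"

# Constructed paths (assumptions), reused across the events below.
SAMPLE_EXE = r"C:\Users\user\Desktop\fff248229971b47a2b88eefbecb6ce2fdefd49c4fc590452a4885cab23511799.exe"
DROPPED_EXE = r"C:\Users\user\AppData\Local\Temp\dropped.exe"

# Constructed events resembling Sysmon records; not from the sandbox run.
EVENTS: List[Dict] = [
    {"EventID": 1, "Image": SAMPLE_EXE, "ProcessId": 4180,
     "Hashes": "SHA256=" + SAMPLE_SHA256.upper()},
    {"EventID": 11, "Image": SAMPLE_EXE, "TargetFilename": DROPPED_EXE},
    {"EventID": 1, "Image": DROPPED_EXE, "ProcessId": 5024, "ParentImage": SAMPLE_EXE,
     "Hashes": "SHA256=" + "00" * 32},
    {"EventID": 13, "Image": DROPPED_EXE,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": DROPPED_EXE},
    {"EventID": 3, "Image": DROPPED_EXE, "DestinationIp": C2_IP, "DestinationPort": C2_PORT},
    # Benign traffic that must not match (documentation address, assumed).
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.5", "DestinationPort": 443},
]


def sha256_of(event: Dict) -> str:
    """Pull the SHA256 out of a Sysmon 'Hashes' field such as 'MD5=..,SHA256=..'."""
    for part in event.get("Hashes", "").split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return ""


def hunt(events: List[Dict]) -> List[Dict]:
    """Return one finding per matched behaviour, in event order."""
    findings: List[Dict] = []
    dropped: Dict[str, str] = {}  # lower-cased path -> process that wrote it

    def add(kind: str, technique, event: Dict, **extra) -> None:
        findings.append({"kind": kind, "technique": technique,
                         "image": event.get("Image", ""), **extra})

    for e in events:
        eid = e.get("EventID")
        image = e.get("Image", "")
        # The reported sample itself starting (hash from the report).
        if eid == 1 and sha256_of(e) == SAMPLE_SHA256:
            add("sample_executed", None, e)
        # Remember every file written, then flag it if it later runs.
        if eid == 11:
            dropped[e["TargetFilename"].lower()] = image
        if eid == 1 and image.lower() in dropped:
            add("dropped_exe_executed", None, e, dropper=dropped[image.lower()])
        # Run key write: ATT&CK T1547.001, as mapped in the report above.
        if eid == 13 and RUN_KEY_MARKER in e.get("TargetObject", "").lower():
            add("run_key_persistence", "T1547.001", e,
                key=e["TargetObject"], value=e.get("Details", ""))
        # Connection to the C2 extracted from the RedLine config.
        if (eid == 3 and e.get("DestinationIp") == C2_IP
                and int(e.get("DestinationPort", 0)) == C2_PORT):
            add("redline_c2", None, e, dst=f"{C2_IP}:{C2_PORT}")
    return findings


if __name__ == "__main__":
    for finding in hunt(EVENTS):
        print(finding)
```

Replace `EVENTS` with parsed Sysmon JSON to run it over real telemetry. Treat the C2 IP:port as a single-sample indicator that can change between builds; the Run key and drop-then-execute logic is behavioural and carries across samples.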