General
Target: 7e0b9e13a26b7a7b300540f3670670ae572d447756893b74dea9fc28140da1d1
Size: 836KB
Sample: 241111-mvw11axne1
MD5: de9ba88cc03ae41b6b0b4c35ebcdd6f1
SHA1: 9c9b3232b9d0c3c92ef9d2e7098ed8749b66b7c2
SHA256: 7e0b9e13a26b7a7b300540f3670670ae572d447756893b74dea9fc28140da1d1
SHA512: 20f8b176f60181f2ea18bc6b1d44b61a04dc5f98a61e4bf339056eab32fa7270d82c20b6397900816b283f4b55ced94e7b8434a0be0993bacf8da062cae0cb0a
SSDEEP: 12288:3MrRy90Hv6Ti/C18nuJWpfbwDV8nLQQAwm3zZvPf1fvRLDgdusHlC0SRxdT2G:OyE/m8nxwJ+L5qzZtfvt0vkZ2G
Static task: static1
Behavioral task: behavioral1
Sample: 7e0b9e13a26b7a7b300540f3670670ae572d447756893b74dea9fc28140da1d1.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: gena
C2: 193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
Target: 7e0b9e13a26b7a7b300540f3670670ae572d447756893b74dea9fc28140da1d1
Size: 836KB
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1