General

- Target: 8962fc00ae6a1ba3ab495ae5ad22f4668c14d02da81bd3c60c407f1e4d289472.exe
- Size: 544KB
- Sample: 241112-x149nszala
- MD5: b426949bdcc6a4501da37eb031c1d3a9
- SHA1: 9d8232bdeb696055d387c1afd124010e0530f204
- SHA256: 8962fc00ae6a1ba3ab495ae5ad22f4668c14d02da81bd3c60c407f1e4d289472
- SHA512: 64d369726579feb19ec03d8e333b88a964560db1be76fcbdc067be1297a4f44c8f19543d6cf5e2b57ebfd785ab1bd27127c8bcaa02f8d0f80bec6cec6632ff6c
- SSDEEP: 12288:wMrky90mR1Mh6dUKfmznzkdDQMyMKr96auScKh:EymiUKMQd6xF/Ph
Static task: static1
Behavioral task: behavioral1
- Sample: 8962fc00ae6a1ba3ab495ae5ad22f4668c14d02da81bd3c60c407f1e4d289472.exe
- Resource: win10v2004-20241007-en
Malware Config

Extracted: redline
- Botnet: boris
- C2: 193.233.20.32:4125
- auth_value: 766b5bdf6dbefcf7ca223351952fc38f
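The extracted config and the static hashes above are the indicators an analyst takes away from this report. The following is an added example, not part of the sandbox report or its tooling: it copies the C2 host:port and the file digests from the report into a small Python module, sweeps a Zeek-style conn.log for traffic to the C2 (flagging the exact host:port pair as high confidence and any other port on the same host as medium, since changing the port is cheap for the operator while the IP is the scarcer indicator), and verifies that a local file is really this sample by requiring every listed digest to match rather than MD5 alone. The conn.log lines are constructed for illustration and are not traffic from the sandboxed run; the `sample.bin` path in the usage note is hypothetical.

```python
"""Detection helpers built from the indicators in the report above.

Added example; not part of the original sandbox report. The C2 address and
port come from the extracted RedLine config, the digests from the static
analysis. The conn.log lines are constructed for illustration only.
"""
import hashlib
from typing import Dict, List

# Indicators copied from the report.
REPORT_C2_HOST = "193.233.20.32"
REPORT_C2_PORT = 4125
REPORT_HASHES: Dict[str, str] = {
    "md5": "b426949bdcc6a4501da37eb031c1d3a9",
    "sha1": "9d8232bdeb696055d387c1afd124010e0530f204",
    "sha256": "8962fc00ae6a1ba3ab495ae5ad22f4668c14d02da81bd3c60c407f1e4d289472",
    "sha512": (
        "64d369726579feb19ec03d8e333b88a964560db1be76fcbdc067be1297a4f44c"
        "8f19543d6cf5e2b57ebfd785ab1bd27127c8bcaa02f8d0f80bec6cec6632ff6c"
    ),
}

# Constructed Zeek-style conn.log excerpt (tab separated). Not real traffic;
# it exists only to exercise the matcher below.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1731400000.1\tCabc1\t10.0.0.15\t51234\t142.250.72.14\t443\ttcp\n"
    "1731400002.7\tCabc2\t10.0.0.15\t51240\t193.233.20.32\t4125\ttcp\n"
    "1731400003.0\tCabc3\t10.0.0.15\t51241\t193.233.20.32\t80\ttcp\n"
    "1731400005.3\tCabc4\t10.0.0.22\t49152\t193.233.20.32\t4125\ttcp\n"
)


def find_c2_connections(conn_log: str) -> List[Dict[str, str]]:
    """Return connections to the reported C2 host.

    A hit on the exact host:port pair is 'high' confidence. Traffic to the
    same host on another port is still returned as 'medium', because the
    port is cheap for the operator to change while the IP is the scarcer
    indicator.
    """
    hits: List[Dict[str, str]] = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):  # skip header/comment lines
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, src, _src_port, dst, dst_port, _proto = fields[:7]
        if dst != REPORT_C2_HOST:
            continue
        try:
            port = int(dst_port)
        except ValueError:
            continue
        hits.append({
            "ts": ts,
            "uid": uid,
            "src": src,
            "dst": dst,
            "dst_port": str(port),
            "confidence": "high" if port == REPORT_C2_PORT else "medium",
        })
    return hits


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Digest the bytes with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest matches; a lone MD5 match is not enough."""
    return compute_hashes(data) == REPORT_HASHES


if __name__ == "__main__":
    import sys

    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(hit)
    # Optional: pass the path of a local copy of the sample to confirm it is
    # the file this report describes before trusting the report's findings.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("matches report:", matches_report(fh.read()))
```

Run as `python iocs.py sample.bin` (hypothetical file name) to both print the constructed conn.log hits and check the local file against all four digests; requiring every digest to agree means a crafted MD5 collision cannot make an unrelated file pass as this sample.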
Targets

- Target: 8962fc00ae6a1ba3ab495ae5ad22f4668c14d02da81bd3c60c407f1e4d289472.exe (544KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

- Persistence
  - Boot or Logon Autostart Execution (T1547), 1 match: Registry Run Keys / Startup Folder (T1547.001), 1 match
  - Create or Modify System Process (T1543), 1 match: Windows Service (T1543.003), 1 match