General
Target: 20534bc4b00aef1c129612f5d211a9d0b7d49ea150b9272eaf4d1f08f9375fbd
Size: 959KB
Sample: 241112-y4p5layrhw
MD5: 46db51180b4f18c5377fa01933f11271
SHA1: 951791f08b895da91c122fd1db03137ac162470a
SHA256: 20534bc4b00aef1c129612f5d211a9d0b7d49ea150b9272eaf4d1f08f9375fbd
SHA512: 16e3ee92d8b6f05160907f541446574dfdf13cb1b3db5cb9d431e727f4effc56042fe3c3349b73f80d9312accb100e0e2b1533c9e4011b7faf3ed570ab13b83b
SSDEEP: 24576:eymtTVIkOmUtoblPrc+qklOXVNcKXtQhg:tmtTekO4JsHXVN7XtQ
Static task: static1
Behavioral task: behavioral1
Sample: 20534bc4b00aef1c129612f5d211a9d0b7d49ea150b9272eaf4d1f08f9375fbd.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: ramon
C2: 193.233.20.23:4123
auth_value: 3197576965d9513f115338c233015b40
Targets
Target: 20534bc4b00aef1c129612f5d211a9d0b7d49ea150b9272eaf4d1f08f9375fbd
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)