General

Target: 9eab57e3411665a862441d0173bf8b04270095a7edbfc3859a39d50be0812ad9.exe
Size: 604KB
Sample: 241113-zaq1gayemg
MD5: 0df627da6edc003535a7399d1f256b99
SHA1: cb171be08087ed26a5946a3a4897b3181065273b
SHA256: 9eab57e3411665a862441d0173bf8b04270095a7edbfc3859a39d50be0812ad9
SHA512: 06af0afdbf81fce7fb2e5f0c07188c6e72a9830e0c7b6a91926dd17d0ec3d88fc48d24be2baa492b73fbde3a811dae55a541eb607549867b2ee62bfdfe015375
SSDEEP: 12288:FMrzy90/oJxpxJGr+qjVoy0+sOLVKGqePp0roAyxX7dmQHb:ey8oJxpvGr+QoypsOL4GqPoA4dmOb
Static task: static1
Behavioral task: behavioral1
Sample: 9eab57e3411665a862441d0173bf8b04270095a7edbfc3859a39d50be0812ad9.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: ronam
C2: 193.233.20.17:4139
Attributes
auth_value: 125421d19d14dd7fd211bc7f6d4aea6c
Targets

Target: 9eab57e3411665a862441d0173bf8b04270095a7edbfc3859a39d50be0812ad9.exe
Size: 604KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application (a value under ...\Software\Microsoft\Windows\CurrentVersion\Run, so the dropped executable is launched again at the next logon)
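The behaviours and the extracted config above can be turned into a small offline checker. The following Python is an added example written for this page; it is not part of the sandbox report and not the sandbox vendor's code. It takes the report's hashes and C2 endpoint as indicators and applies the three behavioural signatures (dropped EXE executed, Run key written, C2 connection) to log lines. The log lines are constructed: they borrow Sysmon field names (EventID 1/3/13, Image, ParentImage, TargetObject, DestinationIp) but the `key=value|key=value` layout, every path, SID and the list of staging directories are assumptions made for the example.

```python
"""Offline IOC/behaviour checker built from this report's indicators.

Added example (not part of the sandbox report and not Triage code). The log
lines are constructed: they borrow Sysmon field names (EventID 1/3/13,
Image, TargetObject, DestinationIp) but the 'key=value|key=value' layout
and every path, SID and hostname are invented for the example.
"""
import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report above.
SAMPLE_NAME = "9eab57e3411665a862441d0173bf8b04270095a7edbfc3859a39d50be0812ad9.exe"
REPORT_HASHES = {
    "md5": "0df627da6edc003535a7399d1f256b99",
    "sha1": "cb171be08087ed26a5946a3a4897b3181065273b",
    "sha256": "9eab57e3411665a862441d0173bf8b04270095a7edbfc3859a39d50be0812ad9",
}
C2_HOST, C2_PORT = "193.233.20.17", "4139"

# Autostart path behind the "Adds Run key" signature (HKCU or HKLM, Run or RunOnce).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Writable directories a dropper typically stages its second stage in (assumption).
DROP_DIR_RE = re.compile(r"\\(AppData\\Local\\Temp|AppData\\Roaming|ProgramData)\\", re.I)


def hash_file_bytes(data: bytes) -> dict:
    """Digests in the same formats the report lists, for comparing a file on disk."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report_sample(digests: dict) -> bool:
    """True when every digest supplied equals the report's value for that algorithm.

    SHA-256 alone is sufficient evidence; MD5/SHA-1 are kept only to match
    feeds that still key on them.
    """
    common = set(digests) & set(REPORT_HASHES)
    return bool(common) and all(digests[k].lower() == REPORT_HASHES[k] for k in common)


def parse_event(line: str) -> dict:
    """Parse one 'key=value|key=value' line (the constructed format used here)."""
    fields = {}
    for part in line.strip().split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


@dataclass
class Hit:
    rule: str
    event: dict


def scan_events(lines, sample_name: str = SAMPLE_NAME) -> list:
    """Map the report's three behaviours onto Sysmon-style events.

    EventID 1 = process creation, 3 = network connection, 13 = registry value set.
    """
    hits = []
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        parent = ev.get("ParentImage", "").rsplit("\\", 1)[-1]
        if eid == "3" and ev.get("DestinationIp") == C2_HOST and ev.get("DestinationPort") == C2_PORT:
            hits.append(Hit("redline_c2_connection", ev))   # config: C2 193.233.20.17:4139
        elif eid == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(Hit("run_key_persistence", ev))     # "Adds Run key to start application"
        elif eid == "1" and DROP_DIR_RE.search(image) and parent.lower() == sample_name.lower():
            hits.append(Hit("dropped_exe_executed", ev))    # "Executes dropped EXE"
    return hits


# Constructed events: the sample drops stage2.exe, registers it under Run, and it beacons to the C2.
SAMPLE_LOG = [
    "EventID=1|Image=C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe"
    "|ParentImage=C:\\Users\\u\\Downloads\\" + SAMPLE_NAME,
    "EventID=13|Image=C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe"
    "|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\stage2"
    "|Details=C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe",
    "EventID=3|Image=C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe"
    "|DestinationIp=193.233.20.17|DestinationPort=4139",
    "EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    "|DestinationIp=203.0.113.10|DestinationPort=443",
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_LOG):
        print(hit.rule, "<-", hit.event.get("Image"))
    print("report hashes match themselves:", matches_report_sample(REPORT_HASHES))
```

The C2 rule is the most brittle of the three: RedLine operators rotate IP:port pairs between builds, so treat 193.233.20.17:4139 as valid for this sample only, and rely on the Run-key and dropped-EXE rules for coverage of the family's behaviour rather than of one build's infrastructure.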
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1 signature
  - Registry Run Keys / Startup Folder (T1547.001): 1 signature
- Create or Modify System Process (T1543): 1 signature
  - Windows Service (T1543.003): 1 signature