General
-
Target
a000c524a9b76417c772df8b34465f55754da2094d5a5ee0d6d6fa68b62f214dN.exe
-
Size
787KB
-
Sample
241114-jxp4pavphw
-
MD5
c4843083b81bda5311cb304408e69330
-
SHA1
efc6cd04158de6ce58a3cc96764979f51ba3873c
-
SHA256
a000c524a9b76417c772df8b34465f55754da2094d5a5ee0d6d6fa68b62f214d
-
SHA512
899f15dcd8f05371d1595bf49fc3d15b3a973e6af808dea02537e08209bc2379a416d9c48e39b09b0c024bf6e58cd2ed52d9350a59212d0df5372075b8cc77ff
-
SSDEEP
24576:NyzSMEvTgvipuOJWFr1NOXSOP/YIQqUl0ae:o3oduOUZNOCyYIlUv
Static task
static1
Behavioral task
behavioral1
Sample
a000c524a9b76417c772df8b34465f55754da2094d5a5ee0d6d6fa68b62f214dN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Targets
-
-
Target
a000c524a9b76417c772df8b34465f55754da2094d5a5ee0d6d6fa68b62f214dN.exe
-
Size
787KB
-
MD5
c4843083b81bda5311cb304408e69330
-
SHA1
efc6cd04158de6ce58a3cc96764979f51ba3873c
-
SHA256
a000c524a9b76417c772df8b34465f55754da2094d5a5ee0d6d6fa68b62f214d
-
SHA512
899f15dcd8f05371d1595bf49fc3d15b3a973e6af808dea02537e08209bc2379a416d9c48e39b09b0c024bf6e58cd2ed52d9350a59212d0df5372075b8cc77ff
-
SSDEEP
24576:NyzSMEvTgvipuOJWFr1NOXSOP/YIQqUl0ae:o3oduOUZNOCyYIlUv
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1