General
-
Target
d74a505641a425d7e19eb3ed4e2c51051c205b9cb5cd3896fcc7c2937416eec4
-
Size
657KB
-
Sample
241030-1jcd4szqhv
-
MD5
53aeb57a80297336b726fe0a5233b348
-
SHA1
de49f7dc5bbd8ff6d2c2413638b161ad3da09cf8
-
SHA256
d74a505641a425d7e19eb3ed4e2c51051c205b9cb5cd3896fcc7c2937416eec4
-
SHA512
6a9327672e6daf3284d27fa36780fec6b083012167ce510305c30b87147c30e7e41950b144dcf8b203e627cfe9a393d1e194ba752a32627970d6536b60e95463
-
SSDEEP
12288:dMrby90F8GP+laF7Azs/iIp9+16lcbsnGDH0RvkpUZo:eyi8GPCaF7Azu3PcbKeHgcpUm
Static task
static1
Behavioral task
behavioral1
Sample
d74a505641a425d7e19eb3ed4e2c51051c205b9cb5cd3896fcc7c2937416eec4.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
d74a505641a425d7e19eb3ed4e2c51051c205b9cb5cd3896fcc7c2937416eec4
-
Size
657KB
-
MD5
53aeb57a80297336b726fe0a5233b348
-
SHA1
de49f7dc5bbd8ff6d2c2413638b161ad3da09cf8
-
SHA256
d74a505641a425d7e19eb3ed4e2c51051c205b9cb5cd3896fcc7c2937416eec4
-
SHA512
6a9327672e6daf3284d27fa36780fec6b083012167ce510305c30b87147c30e7e41950b144dcf8b203e627cfe9a393d1e194ba752a32627970d6536b60e95463
-
SSDEEP
12288:dMrby90F8GP+laF7Azs/iIp9+16lcbsnGDH0RvkpUZo:eyi8GPCaF7Azu3PcbKeHgcpUm
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1