General
-
Target
0c85bf6ba9d52490c8696b2a274b5a3f942bfaa893106455acec145e3610f142
-
Size
531KB
-
Sample
241104-131wtaxqaw
-
MD5
1a77b25c7e406a45ef6a9ff078067852
-
SHA1
3e78fea386551964bb15c92fd4fed9611bf11cfd
-
SHA256
0c85bf6ba9d52490c8696b2a274b5a3f942bfaa893106455acec145e3610f142
-
SHA512
33115b65307a28b7a5cfccc9b1211c9f1ac4e7fb5ab2346a6fa0cd909b4ac33baba7a556ab4de4dc01596d9f7d4d169c916a4f440abf5e226bfc1a150ae4ed2d
-
SSDEEP
12288:3MrSy90l9YVVCMchSRDvZ/WepyBD4cvtytTTdGX87v2/Rue:Nym94VNv9pynvQtTT8ue
Static task
static1
Behavioral task
behavioral1
Sample
0c85bf6ba9d52490c8696b2a274b5a3f942bfaa893106455acec145e3610f142.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rulit
pedigj.eu:4162
-
auth_value
f4df9ef56871d4ac883b282abaf635e0
Targets
-
-
Target
0c85bf6ba9d52490c8696b2a274b5a3f942bfaa893106455acec145e3610f142
-
Size
531KB
-
MD5
1a77b25c7e406a45ef6a9ff078067852
-
SHA1
3e78fea386551964bb15c92fd4fed9611bf11cfd
-
SHA256
0c85bf6ba9d52490c8696b2a274b5a3f942bfaa893106455acec145e3610f142
-
SHA512
33115b65307a28b7a5cfccc9b1211c9f1ac4e7fb5ab2346a6fa0cd909b4ac33baba7a556ab4de4dc01596d9f7d4d169c916a4f440abf5e226bfc1a150ae4ed2d
-
SSDEEP
12288:3MrSy90l9YVVCMchSRDvZ/WepyBD4cvtytTTdGX87v2/Rue:Nym94VNv9pynvQtTT8ue
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1