General
- Target: b9b5a6ff31e4f9c42391a16423c592a1141cb0a7cec80080ddeaf252dd487082
- Size: 658KB
- Sample: 241104-qp589s1bkn
- MD5: ac93827aec4c95204707afb08f6f4329
- SHA1: 45799ca5a063f5530793016df973777300c8c6d5
- SHA256: b9b5a6ff31e4f9c42391a16423c592a1141cb0a7cec80080ddeaf252dd487082
- SHA512: 242ad798ad40a171ebb0eb540e50721b76dffcd39f22c8ce62b9106c6a37c0f64765d6459e87905d2580e4711dc3082e08a5bb8a253cf43710d956380578fb68
- SSDEEP: 12288:0Mrhy90TCfs7UBqGkMEZzFM06bhuN0FF+LArBzl:VyQ8qGgpMFb8qFhrr
Static task: static1
Behavioral task: behavioral1
- Sample: b9b5a6ff31e4f9c42391a16423c592a1141cb0a7cec80080ddeaf252dd487082.exe
- Resource: win10v2004-20241007-en
Malware Config (Extracted)
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)