General
Target: f433958487158ef6a3f9271c3474c265781c6e5b410ad5446fc02844a9bb5165
Size: 549KB
Sample: 241104-qpqtkszkbw
MD5: 07e33e9238f6c0d667f45cb210bbe2d5
SHA1: 0db0287f66e08d509c74c1ab51fb56bddbdad14d
SHA256: f433958487158ef6a3f9271c3474c265781c6e5b410ad5446fc02844a9bb5165
SHA512: 9ac2370a07710e9af3b0fa9ac52fd6ec9eb4648573cf6f06840f679b1f965a557e4894ff557c3d1a2413a59affc0785720da260414583215c3ca02ff415954f4
SSDEEP: 12288:VMrYy90isPEwhts5jnLggW+RdIvYQmKSVXcxWk:FykthOpnLggW+IQi9
Static task: static1
Behavioral task: behavioral1
Sample: f433958487158ef6a3f9271c3474c265781c6e5b410ad5446fc02844a9bb5165.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
Attributes
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: f433958487158ef6a3f9271c3474c265781c6e5b410ad5446fc02844a9bb5165
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15 (count of matched signatures per technique)
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
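The indicators this report extracts (the sample hashes, the RedLine C2 at 176.113.115.145:4125, the "Executes dropped EXE" and "Adds Run key" behaviours mapped to T1547.001) are only useful if they are turned into a hunt over endpoint telemetry. The script below is an added example, not part of the sandbox report or of any vendor tooling: it assumes Sysmon-style events (EventID 1 process create, 3 network connect, 11 file create, 13 registry value set) reduced to Python dicts with Sysmon's field names, and the sample events it runs over are constructed for the demonstration. The `hunt` function is a plain sequential correlator: it remembers executables written into user-writable directories and flags them when they are later launched, matches the sample's hashes on process creation, matches the C2 socket on outbound connections, and flags any value written under a Run or RunOnce key.

```python
"""Hunt host telemetry for the indicators in this report.

Added example; it is not part of the sandbox report. The events below are
constructed Sysmon-style records (EventID 1 process create, 3 network
connect, 11 file create, 13 registry value set) reduced to plain dicts.
Field names follow Sysmon; the event contents are made up for the demo.
"""
import re

# Indicators copied from the report above.
IOC_SHA256 = "f433958487158ef6a3f9271c3474c265781c6e5b410ad5446fc02844a9bb5165"
IOC_MD5 = "07e33e9238f6c0d667f45cb210bbe2d5"
IOC_C2_HOST = "176.113.115.145"
IOC_C2_PORT = 4125

# Run / RunOnce keys under HKCU (logged by Sysmon as HKU\<SID>) or HKLM: ATT&CK T1547.001.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Directories a user can write to; an EXE created here and then launched is
# the "Executes dropped EXE" behaviour the report flags.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\(AppData|Downloads)\\", re.IGNORECASE)


def parse_hashes(field):
    """Sysmon stores hashes as 'SHA256=...,MD5=...'; return them as a dict."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def hunt(events):
    """Return (UtcTime, technique, reason) for every event that matches.

    Events must be in chronological order so that a dropped file is seen
    before the process that executes it.
    """
    dropped = set()  # lower-cased paths of EXEs written to user-writable dirs
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        when = ev.get("UtcTime")
        if eid == 11:
            path = ev.get("TargetFilename", "")
            if path.lower().endswith(".exe") and USER_WRITABLE_RE.search(path):
                dropped.add(path.lower())
        elif eid == 1:
            image = ev.get("Image", "")
            h = parse_hashes(ev.get("Hashes", ""))
            if h.get("SHA256") == IOC_SHA256 or h.get("MD5") == IOC_MD5:
                hits.append((when, "sample-hash", f"known RedLine sample executed: {image}"))
            if image.lower() in dropped:
                hits.append((when, "dropped-exe", f"dropped executable launched: {image}"))
        elif eid == 3:
            if ev.get("DestinationIp") == IOC_C2_HOST and int(ev.get("DestinationPort", 0)) == IOC_C2_PORT:
                hits.append((when, "c2", f"{ev.get('Image')} connected to RedLine C2 {IOC_C2_HOST}:{IOC_C2_PORT}"))
        elif eid == 13:
            target = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                hits.append((when, "T1547.001", f"Run key set: {target} -> {ev.get('Details')}"))
    return hits


# Constructed telemetry for the demonstration (not from the report).
SAMPLE = r"C:\Users\victim\Downloads\f433958487158ef6a3f9271c3474c265781c6e5b410ad5446fc02844a9bb5165.exe"
DROPPED = r"C:\Users\victim\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2024-11-04 10:00:01", "Image": SAMPLE,
     "Hashes": f"SHA256={IOC_SHA256},MD5={IOC_MD5}"},
    {"EventID": 11, "UtcTime": "2024-11-04 10:00:02", "Image": SAMPLE,
     "TargetFilename": DROPPED},
    {"EventID": 1, "UtcTime": "2024-11-04 10:00:03", "Image": DROPPED,
     "Hashes": "SHA256=" + "0" * 64 + ",MD5=" + "0" * 32},
    {"EventID": 13, "UtcTime": "2024-11-04 10:00:04", "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": DROPPED},
    {"EventID": 13, "UtcTime": "2024-11-04 10:00:05", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 3, "UtcTime": "2024-11-04 10:00:06", "Image": DROPPED,
     "DestinationIp": IOC_C2_HOST, "DestinationPort": IOC_C2_PORT},
    {"EventID": 3, "UtcTime": "2024-11-04 10:00:07", "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": 53},
]

if __name__ == "__main__":
    for when, technique, reason in hunt(SAMPLE_EVENTS):
        print(when, technique, reason)
```

Run as-is it reports four hits (the sample hash, the dropped EXE launch, the Run key write and the C2 connection) and ignores the benign Explorer registry write and the DNS lookup. The hash and C2 checks are brittle by design: a rebuilt sample or a rotated C2 defeats them, while the Run-key and dropped-EXE checks describe the behaviour and survive such changes, which is why the report's behavioural signatures matter more than its hashes. Feed it real Sysmon events by mapping the XML or JSON export to the same dict shape; the Windows Service mapping (T1543.003) in the ATT&CK table is not covered here and would need EventID 12/13 writes under `HKLM\SYSTEM\CurrentControlSet\Services` or Security event 4697.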