General
-
Target
886bbd7906a1edc0c82c6013215b25cbf2101f1d148d56c766df1e1edb4be963
-
Size
666KB
-
Sample
241104-zhxg8awnas
-
MD5
bae03ff875aae5afafafc847f6df3034
-
SHA1
650c09250033ae8c29c29cb1bea85a9263df6fbb
-
SHA256
886bbd7906a1edc0c82c6013215b25cbf2101f1d148d56c766df1e1edb4be963
-
SHA512
7cc07e8244defe2b93d755ec1b7031fc2dc436b112fed4e0f8ca8bba0cf1239c83527bbdf67b4b9cbaff8d939faa25c30c0fa14cdf436ebaf2e32fcd38afc320
-
SSDEEP
12288:rMrGy90dDpKMw3Em3RSqVME7pl74gwLWy3S6rUTVN/wofPFSL9Iobu6:1yqDputRpME954rFC6r4xwePQaE3
Static task
static1
Behavioral task
behavioral1
Sample
886bbd7906a1edc0c82c6013215b25cbf2101f1d148d56c766df1e1edb4be963.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
886bbd7906a1edc0c82c6013215b25cbf2101f1d148d56c766df1e1edb4be963
-
Size
666KB
-
MD5
bae03ff875aae5afafafc847f6df3034
-
SHA1
650c09250033ae8c29c29cb1bea85a9263df6fbb
-
SHA256
886bbd7906a1edc0c82c6013215b25cbf2101f1d148d56c766df1e1edb4be963
-
SHA512
7cc07e8244defe2b93d755ec1b7031fc2dc436b112fed4e0f8ca8bba0cf1239c83527bbdf67b4b9cbaff8d939faa25c30c0fa14cdf436ebaf2e32fcd38afc320
-
SSDEEP
12288:rMrGy90dDpKMw3Em3RSqVME7pl74gwLWy3S6rUTVN/wofPFSL9Iobu6:1yqDputRpME954rFC6r4xwePQaE3
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1