General
-
Target
d69cd86f0eeb35c4b3f49a47550a254193711091b1bb036853eea99babfc1b6a
-
Size
678KB
-
Sample
241104-zjxjlswnbs
-
MD5
1196d2a76349efaaa15bfff71ff2645d
-
SHA1
fa891fff8086e0202d94cfb9e6c632f08d4d0b40
-
SHA256
d69cd86f0eeb35c4b3f49a47550a254193711091b1bb036853eea99babfc1b6a
-
SHA512
7b0afd0f5623475781a562c267c422252d3dfd1c41b120961737650fbcaf83a601764af4e9040985c6c5b305848ca16448f40f8c7d0586107ffc0ddcee780390
-
SSDEEP
12288:7Mrsy90q/cr1/LzbyFExjmTYbIaMf6Mh40S8qeWqX38j8kbynmMVUrGUv5:ry1/kLnyWjmT3fZg8qxqn8jOmMVqGu5
Static task
static1
Behavioral task
behavioral1
Sample
d69cd86f0eeb35c4b3f49a47550a254193711091b1bb036853eea99babfc1b6a.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
d69cd86f0eeb35c4b3f49a47550a254193711091b1bb036853eea99babfc1b6a
-
Size
678KB
-
MD5
1196d2a76349efaaa15bfff71ff2645d
-
SHA1
fa891fff8086e0202d94cfb9e6c632f08d4d0b40
-
SHA256
d69cd86f0eeb35c4b3f49a47550a254193711091b1bb036853eea99babfc1b6a
-
SHA512
7b0afd0f5623475781a562c267c422252d3dfd1c41b120961737650fbcaf83a601764af4e9040985c6c5b305848ca16448f40f8c7d0586107ffc0ddcee780390
-
SSDEEP
12288:7Mrsy90q/cr1/LzbyFExjmTYbIaMf6Mh40S8qeWqX38j8kbynmMVUrGUv5:ry1/kLnyWjmT3fZg8qxqn8jOmMVqGu5
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1