General
  Target: 58744e13e11aafcd524794bc4ec3fffd6b08045b59968b0a82340c13ad81bf58
  Size: 559KB
  Sample: 241104-zjzc7swnbt
  MD5: d0e65399e5a352991c28ac7e85bdd1aa
  SHA1: 38abb9920336fd6622a1cf1aeea10c035f98e159
  SHA256: 58744e13e11aafcd524794bc4ec3fffd6b08045b59968b0a82340c13ad81bf58
  SHA512: 007bcf630354f9482d6106ca1968cab336fa465aa9e11d2d520a4ae7fc5b1a6cae556b4a636846ce43d78d0b73b2f542b8497a6a8519140df261ab3abba634f2
  SSDEEP: 12288:2MrSy90Hr0ikfKv2f7ar3YsTEUd+pOuaejWWP8BztbcRof4i5sH7Wq/oue:QyyYS0A+phaZWP89tbNfzs6q/I
Static task: static1
Behavioral task: behavioral1
  Sample: 58744e13e11aafcd524794bc4ec3fffd6b08045b59968b0a82340c13ad81bf58.exe
  Resource: win10v2004-20241007-en
Malware Config
  Extracted
    redline
    rosn
    176.113.115.145:4125
    auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
  Target: 58744e13e11aafcd524794bc4ec3fffd6b08045b59968b0a82340c13ad81bf58 (559KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
    Detects Healer, an antivirus disabler dropper
    Healer family
    RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    RedLine payload
    Redline family
    Executes dropped EXE
    Adds Run key to start application
MITRE ATT&CK Enterprise v15
  Persistence
    Boot or Logon Autostart Execution (1)
      Registry Run Keys / Startup Folder (1)
    Create or Modify System Process (1)
      Windows Service (1)