General
-
Target
ded84ce2afa5153686591a67c502d7859d8c7a1cf150197cbb61ff3fcb9d79ff
-
Size
689KB
-
Sample
241105-2c5yhs1apl
-
MD5
2f7b42bec4ccd28ba983461cd891aa12
-
SHA1
e0d771d585731d5978526aca70e812c104411846
-
SHA256
ded84ce2afa5153686591a67c502d7859d8c7a1cf150197cbb61ff3fcb9d79ff
-
SHA512
3733401e77f5e9b9b7e07c7f07bb3c5353e0b6261eece14a92e005272e5449d07c38e96fa55d5752e24ad34b80d626460ffd8c54baad85808a83426d2a16f05c
-
SSDEEP
12288:2MrSy90hmsiSf/QDXH5fhA3aHjvwutW6i0MBmBkX+4aTzNhlCQgUo8l2n:Iy6msig/wH55A3aDv7thfMsB9NO7UGn
Static task
static1
Behavioral task
behavioral1
Sample
ded84ce2afa5153686591a67c502d7859d8c7a1cf150197cbb61ff3fcb9d79ff.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
ded84ce2afa5153686591a67c502d7859d8c7a1cf150197cbb61ff3fcb9d79ff
-
Size
689KB
-
MD5
2f7b42bec4ccd28ba983461cd891aa12
-
SHA1
e0d771d585731d5978526aca70e812c104411846
-
SHA256
ded84ce2afa5153686591a67c502d7859d8c7a1cf150197cbb61ff3fcb9d79ff
-
SHA512
3733401e77f5e9b9b7e07c7f07bb3c5353e0b6261eece14a92e005272e5449d07c38e96fa55d5752e24ad34b80d626460ffd8c54baad85808a83426d2a16f05c
-
SSDEEP
12288:2MrSy90hmsiSf/QDXH5fhA3aHjvwutW6i0MBmBkX+4aTzNhlCQgUo8l2n:Iy6msig/wH55A3aDv7thfMsB9NO7UGn
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1