General
Target: a1ceded74fc0c305127fdd642c90fec29eba366567442ce2cac6211a647aab8e
Size: 534KB
Sample: 241105-2gkhdaspcl
MD5: 9b9a9b33a653deee40391e1bb36ade57
SHA1: 088bca70e5b1e5b5519395f4b342ffc13c820b23
SHA256: a1ceded74fc0c305127fdd642c90fec29eba366567442ce2cac6211a647aab8e
SHA512: 0b451a65c6f9b1688148c1e1b4b0939db7808b07a437280041ec6d77d6b813870128d01fdf6c4938b14ca23169fa515c883d77c1ee22f41d1b58aaef39f905b1
SSDEEP: 12288:MMrKy90qdqcbD9cgA6zTbbW7GQvRxT+zoEyfE:Oynhcn6z3b2GIT+zifE
Static task: static1
Behavioral task: behavioral1
Sample: a1ceded74fc0c305127fdd642c90fec29eba366567442ce2cac6211a647aab8e.exe
Resource: win10v2004-20241007-en
Malware Config (Extracted)
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)