General
-
Target
723955a5723d44e3c6635905be1acda8990dd1a3782be9c782b5519d26c7cf09
-
Size
534KB
-
Sample
241105-2ld66azeng
-
MD5
4bbdbbdb555203d13f5b6094b446953c
-
SHA1
ee1dd1f69f7c0ccdd500867fe7ab15c0f19caf99
-
SHA256
723955a5723d44e3c6635905be1acda8990dd1a3782be9c782b5519d26c7cf09
-
SHA512
0dc44316b0de09c1c24c7909c9858998c62233da670fbfe162712211b34a14110c408baf127fac6a4732825e0d16f4006d1569173eff4da4b47c12809693aa8c
-
SSDEEP
12288:SMrEy90UYsIl+YDAA7gaUb4HNpeRa3melpmu0mX:iyDldFa84tMRalbm2X
Static task
static1
Behavioral task
behavioral1
Sample
723955a5723d44e3c6635905be1acda8990dd1a3782be9c782b5519d26c7cf09.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
723955a5723d44e3c6635905be1acda8990dd1a3782be9c782b5519d26c7cf09
-
Size
534KB
-
MD5
4bbdbbdb555203d13f5b6094b446953c
-
SHA1
ee1dd1f69f7c0ccdd500867fe7ab15c0f19caf99
-
SHA256
723955a5723d44e3c6635905be1acda8990dd1a3782be9c782b5519d26c7cf09
-
SHA512
0dc44316b0de09c1c24c7909c9858998c62233da670fbfe162712211b34a14110c408baf127fac6a4732825e0d16f4006d1569173eff4da4b47c12809693aa8c
-
SSDEEP
12288:SMrEy90UYsIl+YDAA7gaUb4HNpeRa3melpmu0mX:iyDldFa84tMRalbm2X
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1