General
- Target: 6834139d930042bc8a56def5a4fdb5e9ae91f4371a0f1f7601485c7332134578
- Size: 530KB
- Sample: 241105-2m9z8azeqe
- MD5: 8ab943d123ca10c24a0a1bfdd65ffbc1
- SHA1: 53a4de9ca2d59569d59f66cdfbb5a03ff1e61450
- SHA256: 6834139d930042bc8a56def5a4fdb5e9ae91f4371a0f1f7601485c7332134578
- SHA512: 2644e840dcd245ade33c4823260289fc39ea5f78790f63d0194250c7a2d689932c475013267e42594e6e586a1d53718d59f10416afb41fbc04f9a8810aa6478b
- SSDEEP: 12288:iMrCy90/i7Bu10UzWJWM9i7lI2NapMno0U6brw4:sy9FIN59apuPbrw4
Static task: static1
Behavioral task: behavioral1
Sample: 6834139d930042bc8a56def5a4fdb5e9ae91f4371a0f1f7601485c7332134578.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)