General
- Target: ff5bb9c77ce1783a00aa8908e7fe12aba9a085d60d4294685520234952646c74
- Size: 695KB
- Sample: 241105-2r3fyazkcx
- MD5: 399dac108b9fd8da34f8579cd6521bb9
- SHA1: 6b5bfda81085869f3fa761691abe4dded2100209
- SHA256: ff5bb9c77ce1783a00aa8908e7fe12aba9a085d60d4294685520234952646c74
- SHA512: 8573cab7778d498eb08c03db8b79c5ced4ee27e713ab6efc2799f4500f323dda027fdfe78f97fa0593e17d71e39b59c49ffa5b54c7c90db062dd55e8f829dc49
- SSDEEP: 12288:kMrvy90V5ibYrqBJpolQkkjRHkcvDtEaSf7MRNZDA1B1/t1zq5MJmHHmxsHheTmI:TyvcGsPWRE0xyMpAxt1qWQGxo0iI
Static task
- static1

Behavioral task
- behavioral1
- Sample: ff5bb9c77ce1783a00aa8908e7fe12aba9a085d60d4294685520234952646c74.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Target: ff5bb9c77ce1783a00aa8908e7fe12aba9a085d60d4294685520234952646c74
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)