General
Target: 0838cba9c684992cdbc45e0335eb5d0b74f59d0dcc05a7ec78516d2148add43a
Size: 667KB
Sample: 241105-qnc64a1hka
MD5: 14c8c8c6c58f3b9fe4105be627151a30
SHA1: 00c8abd9aaae7b1e17beb9c735b24ccf4555f825
SHA256: 0838cba9c684992cdbc45e0335eb5d0b74f59d0dcc05a7ec78516d2148add43a
SHA512: 352aa9d8eb4f7c4d0d9afbae5902dde489bf68c29d55afa5379b0234eed075bbe171d957fc9b0ab11f1d8dc369d27a38d6520b33d821e64953f0bc3dc2384323
SSDEEP: 12288:xMrwy90GWDXe2GAKTLiyk0uSIeFchdMzAYiHqwDRjN2escsvs62C3k9c+t6udjv:FyIVBKiauIsdTKCLsvs62C3kCc6CL
Static task: static1
Behavioral task: behavioral1
Sample: 0838cba9c684992cdbc45e0335eb5d0b74f59d0dcc05a7ec78516d2148add43a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 0838cba9c684992cdbc45e0335eb5d0b74f59d0dcc05a7ec78516d2148add43a (hashes as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)