General
Target: 45ec395361ed774e04992e440c867dff75c6c13dc00768d0f85aa6d2da48e1f1
Size: 925KB
Sample: 241105-vfm4jsxmdj
MD5: d9dc7edc38c1e4ef9628e11e343181dc
SHA1: 0b6d224321e8bc596094d017003581fa734e4380
SHA256: 45ec395361ed774e04992e440c867dff75c6c13dc00768d0f85aa6d2da48e1f1
SHA512: 9eb3eec555d1cc721d8a526d4cc3d27199706a9c669777814a578086149690224a8b0b40ad378fd9061d13df7bead9acd9328c9f4ec601247c2011995c6f4d73
SSDEEP: 24576:qynzRyx/19l7/yzHGJQrN660lPri/SWiEAPCc:xnk5LlbyrwU0p9rAj
Static task: static1
Behavioral task: behavioral1
Sample: 45ec395361ed774e04992e440c867dff75c6c13dc00768d0f85aa6d2da48e1f1.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 45ec395361ed774e04992e440c867dff75c6c13dc00768d0f85aa6d2da48e1f1 (925KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
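The indicators this report exposes (file digests, the extracted RedLine C2 endpoint, and the Run-key persistence flagged under the signatures and the ATT&CK mapping) are most useful when turned into an offline hunt. The script below is an added example, not part of the sandbox report or of any sandbox tooling: the digests and the C2 host:port are copied from the report, while the file bytes, the network log lines, the Run-key entries and the "user-writable path" heuristic are this example's own constructed inputs and assumptions.

```python
"""Offline hunt for the indicators in this report.

Added example; it is not part of the sandbox report or any sandbox tooling.
The digests and the C2 endpoint come from the report above. The file bytes,
the network log lines and the registry Run-key entries below are constructed
for illustration, and the "user-writable path" heuristic is this example's own
assumption, not something the report states.
"""
import hashlib
import re

# Indicators copied from the report (sample 241105-vfm4jsxmdj).
IOC_HASHES = {
    "md5": "d9dc7edc38c1e4ef9628e11e343181dc",
    "sha1": "0b6d224321e8bc596094d017003581fa734e4380",
    "sha256": "45ec395361ed774e04992e440c867dff75c6c13dc00768d0f85aa6d2da48e1f1",
}
# RedLine C2 from the extracted configuration (host:port).
IOC_C2 = "176.113.115.145:4125"


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists for one file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True when any digest of `data` equals the report's digest for that
    algorithm. SHA-256 is the authoritative match; an MD5 or SHA-1 hit on its
    own is still worth triage, so any hit counts."""
    digests = hash_bytes(data)
    return any(digests[algo] == IOC_HASHES[algo] for algo in IOC_HASHES)


def parse_c2(endpoint: str) -> tuple:
    """Split a host:port indicator into (host, port)."""
    host, port = endpoint.rsplit(":", 1)
    return host, int(port)


# Constructed firewall/netflow lines: "src:port -> dst:port".
LOG_LINES = [
    "2024-11-05T09:12:01 10.0.0.14:51322 -> 142.250.74.36:443 TCP allow",
    "2024-11-05T09:12:07 10.0.0.14:51340 -> 176.113.115.145:4125 TCP allow",
    "2024-11-05T09:12:09 10.0.0.14:51341 -> 176.113.115.145:443 TCP allow",
    "2024-11-05T09:13:44 10.0.0.27:49802 -> 176.113.115.145:4125 TCP allow",
]
_FLOW_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def find_c2_connections(lines, endpoint: str = IOC_C2) -> list:
    """Return the log lines whose destination is exactly the C2 host and port.
    Host-only matching would also flag the 443 line, which may be unrelated
    traffic to a shared host, so the port is required."""
    host, port = parse_c2(endpoint)
    hits = []
    for line in lines:
        m = _FLOW_RE.search(line)
        if m and m.group("dst") == host and int(m.group("dport")) == port:
            hits.append(line)
    return hits


# Constructed Run-key entries as (value name, command line), as exported from
# HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
RUN_ENTRIES = [
    ("OneDrive", r'"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("svchost", r"C:\Users\victim\AppData\Roaming\1001\svchost.exe"),
]
# Heuristic (this example's assumption): a Run key that launches an executable
# from a user-writable location is where a dropper's persistence tends to land.
_USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Downloads)\\", re.IGNORECASE)


def suspicious_run_entries(entries) -> list:
    """Flag Run-key entries whose target lives under a user-writable path.
    Legitimate software (OneDrive) also lives there, so this is a triage list,
    not a verdict; confirm by hashing the target with matches_sample()."""
    return [(name, cmd) for name, cmd in entries if _USER_WRITABLE.search(cmd)]


if __name__ == "__main__":
    print("C2 hits:", find_c2_connections(LOG_LINES))
    print("Run-key candidates:", suspicious_run_entries(RUN_ENTRIES))
    print("Empty file matches sample?", matches_sample(b""))
```

Matching on host and port together matters here: RedLine's C2 in this config listens on 4125, and a host-only rule would also sweep up any unrelated traffic to that address. The Run-key check is deliberately loose; the value name and path the dropper actually used are not in the report, so the hunt flags candidates and leaves confirmation to the hash match.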