General
Target: fd554d6557eb9c5f64e0c28df059f6e4f45459eb94cfe7b7ac5421f617917272
Size: 537KB
Sample: 241105-z1l47s1nbm
MD5: eb40b9eccbc51734f126141c0220f3c8
SHA1: 06040857c23601acf0894ecb913a120e11f10a13
SHA256: fd554d6557eb9c5f64e0c28df059f6e4f45459eb94cfe7b7ac5421f617917272
SHA512: 9d805f4640355a86200787cff58aab53cf6d3600959197702eb11614456c54f6f83bb2787f1bcb915fe3889f08ac528935dc7fb87cc861e50bf0c0fe95947e60
SSDEEP: 12288:YMrGy904oMwPE6CS255C56x2gUCgHPwQ4qMMBQtlfyb:Oyux86ta5C56cg+vwJqDQpo
Static task: static1
Behavioral task: behavioral1
Sample: fd554d6557eb9c5f64e0c28df059f6e4f45459eb94cfe7b7ac5421f617917272.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: fd554d6557eb9c5f64e0c28df059f6e4f45459eb94cfe7b7ac5421f617917272 (537KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence (1)
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001) - 1
- Create or Modify System Process (T1543): Windows Service (T1543.003) - 1
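The two actionable items in this report are the extracted RedLine C2 endpoint (176.113.115.145:4125, botnet "rosn") and the "Adds Run key to start application" signature. The block below is an added example, not part of the sandbox report or of any tool it names: it turns those IOCs into two detections a responder can run over telemetry (Zeek conn.log JSON lines for the C2, Sysmon Event ID 13 registry writes for the Run key) plus a hash check for confirming a file is this sample before re-detonating it. All log records, host names, SIDs and paths are constructed for the demo; the report captured a single C2 port, so the network matcher has an `ip_only` switch that also flags other ports on the same IP, trading false positives on shared hosting for coverage of an operator port change.

```python
"""Added example (not from the sandbox report): IOCs from the report as detections.
All telemetry below is constructed; only the IOC constants come from the page."""
import hashlib
import json
import re

# IOCs copied from the report: C2 and botnet id from "Malware Config / Extracted",
# file hashes from "General".
REDLINE_C2_IP = "176.113.115.145"
REDLINE_C2_PORT = 4125
REDLINE_BOTNET = "rosn"
SAMPLE_MD5 = "eb40b9eccbc51734f126141c0220f3c8"
SAMPLE_SHA256 = "fd554d6557eb9c5f64e0c28df059f6e4f45459eb94cfe7b7ac5421f617917272"

# Autostart keys behind the "Adds Run key to start application" signature
# (ATT&CK T1547.001): HKCU/HKU and HKLM Run and RunOnce, including the WOW64 view.
RUN_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)


def match_c2_connections(conn_log: str, ip_only: bool = False):
    """Return Zeek conn.log (JSON lines) records that reached the RedLine C2.

    The report shows one IP:port. With ip_only=True any port on that IP is flagged,
    which survives an operator port change but can misfire on shared hosting.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("id.resp_h") != REDLINE_C2_IP:
            continue
        if ip_only or rec.get("id.resp_p") == REDLINE_C2_PORT:
            hits.append({"ts": rec["ts"], "uid": rec["uid"],
                         "src": rec["id.orig_h"], "dport": rec["id.resp_p"]})
    return hits


def match_run_key_writes(sysmon_events):
    """Return Sysmon Event ID 13 (RegistryEvent: SetValue) records that touch a Run key."""
    hits = []
    for ev in sysmon_events:
        if ev.get("EventID") != 13:
            continue
        if RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append({"image": ev.get("Image", ""), "key": ev["TargetObject"],
                         "value": ev.get("Details", "")})
    return hits


def verify_sample(data: bytes):
    """Confirm a candidate file carries the report's MD5 and SHA256 before re-detonating it."""
    return {"md5": hashlib.md5(data).hexdigest() == SAMPLE_MD5,
            "sha256": hashlib.sha256(data).hexdigest() == SAMPLE_SHA256}


# Constructed telemetry (not from the report). 203.0.113.10 is a documentation address.
CONN_LOG = "\n".join(json.dumps(r) for r in [
    {"ts": 1730790001.1, "uid": "CAbc01", "id.orig_h": "10.0.0.23", "id.orig_p": 49712,
     "id.resp_h": "176.113.115.145", "id.resp_p": 4125, "proto": "tcp"},
    {"ts": 1730790002.5, "uid": "CAbc02", "id.orig_h": "10.0.0.23", "id.orig_p": 49713,
     "id.resp_h": "176.113.115.145", "id.resp_p": 443, "proto": "tcp"},
    {"ts": 1730790003.0, "uid": "CAbc03", "id.orig_h": "10.0.0.41", "id.orig_p": 52000,
     "id.resp_h": "203.0.113.10", "id.resp_p": 443, "proto": "tcp"},
])

SYSMON_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "CommandLine": r"C:\Users\victim\AppData\Local\Temp\dropped.exe"},
]

if __name__ == "__main__":
    for h in match_c2_connections(CONN_LOG):
        print(f"[C2 redline/{REDLINE_BOTNET}] {h['src']} -> {REDLINE_C2_IP}:{h['dport']} uid={h['uid']}")
    for h in match_run_key_writes(SYSMON_EVENTS):
        print(f"[T1547.001] {h['image']} set {h['key']} = {h['value']}")
```

Only the first conn.log record matches on the exact IP:port; the second (same IP, port 443) is picked up only with `ip_only=True`. The registry matcher ignores the Explorer value write and the process-creation event, so a Run key set by the dropped executable is the single persistence hit.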