General
- Target: e0e06408c81d82147a97fe930ab53943e65abc316889884d247d939c44fa19d4
- Size: 536KB
- Sample: 241106-ap5pqsselj
- MD5: 16bca536e716eb1d4244970a5a5a4b25
- SHA1: 4e6d8409645a387065c7f1f01a08b180ee8f0354
- SHA256: e0e06408c81d82147a97fe930ab53943e65abc316889884d247d939c44fa19d4
- SHA512: c783b94800e00d945461ee1fc6874e5d731ccaaa8735f65b2314642c27e06efa01844ff02cab38440bb2216ff64c1729b23a0fa8bed7aaa9e4800a74e746b233
- SSDEEP: 12288:eMruy905Iy6U//Oq1jGwCPxkYP61PTUEJsHOnX+hwz:sySr3Oq1jGj5P61PTnJJX+M

Static task: static1
Behavioral task: behavioral1
- Sample: e0e06408c81d82147a97fe930ab53943e65abc316889884d247d939c44fa19d4.exe
- Resource: win10v2004-20241007-en

Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)