General
Target: ec4fdc02f3d60c37316d2d878bdb68150f02fdeeb13ac54f182913c43e4b3617
Size: 530KB
Sample: 241109-1s2qcstblr
MD5: 3e3d599e45bb2c85fbfd4f546429574f
SHA1: 8e421788369b15a85f9d6b8616b6837e0052c40c
SHA256: ec4fdc02f3d60c37316d2d878bdb68150f02fdeeb13ac54f182913c43e4b3617
SHA512: 2f35aa8e9f3181974188cf61910832c1b905d756fe78f69471c5933c020d233ca3a5159f40e62128c815da117f5bb608fd8af5088b3f8ae5d13309c332f09e72
SSDEEP: 12288:6MrFy900enD8ga9FCAPGlnE8GxtoJDYWBERB:LyOYga9QAelnE8MYYb
Static task: static1
Behavioral task: behavioral1
Sample: ec4fdc02f3d60c37316d2d878bdb68150f02fdeeb13ac54f182913c43e4b3617.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: ec4fdc02f3d60c37316d2d878bdb68150f02fdeeb13ac54f182913c43e4b3617
Size: 530KB
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)