General
Target: 5c0c3dde28861de579ed74ff3a54612531b9a40efda6d6b12e52ec742ee22039
Size: 537KB
Sample: 241109-1s387atbmj
MD5: 220c5c1cb6d096731ca06bbf6a8166ca
SHA1: a5ea81da3e1c7d0eaae134e8f0edbc57a74a2a89
SHA256: 5c0c3dde28861de579ed74ff3a54612531b9a40efda6d6b12e52ec742ee22039
SHA512: 0652dca84feba0df31e3b445ea146bebfa01550a26c60a825c58a4c7d7edddc15cb63e67825a6f34fb3700206cd343d7df6d46b38de00c3a0f00880ccc7c6b98
SSDEEP: 12288:DMrqy90s+C7/xLg1jtlJIM5NPzq91nL0kj6PTVsM:Vyr+NGM5NPcn3+LVD
Static task: static1
Behavioral task: behavioral1
Sample: 5c0c3dde28861de579ed74ff3a54612531b9a40efda6d6b12e52ec742ee22039.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 5c0c3dde28861de579ed74ff3a54612531b9a40efda6d6b12e52ec742ee22039
Size: 537KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)