General
- Target: f49d5de361b354e42b53a3a35c70bc9f602bf608af055d5cc32813a2b688e198
- Size: 546KB
- Sample: 241109-1s5r1ssldw
- MD5: 0d314b50fb769db2ba2ea1d316663d55
- SHA1: 3398ce34ec884489f884d1dfe7cf446e9c9011cb
- SHA256: f49d5de361b354e42b53a3a35c70bc9f602bf608af055d5cc32813a2b688e198
- SHA512: 2758f3d6261e9811dc3cb0ad08315f4f41fd2769184a9eeb5b2d539594ad63f8f3ba33f505e21269f89f4ea7f12a71974d7e522d4dbb18b103cdf4760ef4de6c
- SSDEEP: 12288:aMr9y90cKmx4pD3cnBd2gpzvpfGUAUrPlgRx++M+CmHFsXvel:zywmIceojp+U/b8xa2FsXe
Static task
- static1
Behavioral task
- behavioral1
  - Sample: f49d5de361b354e42b53a3a35c70bc9f602bf608af055d5cc32813a2b688e198.exe
  - Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: rosto
- C2: hueref.eu:4162
- Attributes:
  - auth_value: 07d81eba8cad42bbd0ae60042d48eac6
Targets
- Target: f49d5de361b354e42b53a3a35c70bc9f602bf608af055d5cc32813a2b688e198
  - Size: 546KB
  - MD5: 0d314b50fb769db2ba2ea1d316663d55
  - SHA1: 3398ce34ec884489f884d1dfe7cf446e9c9011cb
  - SHA256: f49d5de361b354e42b53a3a35c70bc9f602bf608af055d5cc32813a2b688e198
  - SHA512: 2758f3d6261e9811dc3cb0ad08315f4f41fd2769184a9eeb5b2d539594ad63f8f3ba33f505e21269f89f4ea7f12a71974d7e522d4dbb18b103cdf4760ef4de6c
  - SSDEEP: 12288:aMr9y90cKmx4pD3cnBd2gpzvpfGUAUrPlgRx++M+CmHFsXvel:zywmIceojp+U/b8xa2FsXe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
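The signatures and ATT&CK mappings above record what the sandbox observed, but a report is only useful if its indicators become detections. The script below is an added example, not part of the sandbox report or of any tool it names. It takes from the report only the sample SHA256, the RedLine C2 hueref.eu:4162 and the two mapped techniques (T1547.001 Registry Run Keys, T1543.003 Windows Service), and runs simple rules over constructed Sysmon-style events; the `Key=Value|Key=Value` line format, the field names, the sample events and the "drop directory" heuristic are all assumptions made for the example.

```python
"""Turn this report's indicators into simple detection rules.

Added example, not part of the sandbox report. From the report: the sample
SHA256, the RedLine C2 hueref.eu:4162, and the mapped techniques T1547.001
(Registry Run Keys) and T1543.003 (Windows Service). Everything else here
(the 'Key=Value|Key=Value' event format, field names borrowed from Sysmon,
the sample events, the drop-directory heuristic) is constructed.
"""
import re
from dataclasses import dataclass

SAMPLE_SHA256 = "f49d5de361b354e42b53a3a35c70bc9f602bf608af055d5cc32813a2b688e198"
C2_HOST, C2_PORT = "hueref.eu", 4162

# "Adds Run key to start application" (T1547.001): any Run/RunOnce value.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# "Windows Service" (T1543.003): a service ImagePath being set.
SERVICE_RE = re.compile(
    r"\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)
# Heuristic (assumption): user-writable directories where a dropped EXE lands.
DROP_DIR_RE = re.compile(
    r"\\(AppData\\(Local|Roaming)|Temp|ProgramData)\\", re.IGNORECASE)


@dataclass
class Finding:
    tag: str      # report signature name or ATT&CK technique ID
    reason: str
    event: dict


def parse_event(line: str) -> dict:
    """Parse one constructed 'Key=Value|Key=Value' event line."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|"))


def detect(events):
    """Apply the rules to parsed events and return the findings in order."""
    findings = []
    for ev in events:
        eid, image = ev.get("EventID"), ev.get("Image", "")
        if eid == "1":  # process creation
            if SAMPLE_SHA256 in ev.get("Hashes", "").lower():
                findings.append(Finding("sample-hash", "SHA256 matches the analysed sample", ev))
            if DROP_DIR_RE.search(image):
                findings.append(Finding("dropped-exe", "Executes dropped EXE: image lives in a drop directory", ev))
        elif eid == "13":  # registry value set
            target, details = ev.get("TargetObject", ""), ev.get("Details", "")
            if RUN_KEY_RE.search(target) and DROP_DIR_RE.search(details):
                findings.append(Finding("T1547.001", "Run key points into a drop directory", ev))
            elif SERVICE_RE.search(target) and DROP_DIR_RE.search(details):
                findings.append(Finding("T1543.003", "Service ImagePath points into a drop directory", ev))
        elif eid == "3":  # network connection
            host = ev.get("DestinationHostname", "").lower().rstrip(".")
            port = int(ev.get("DestinationPort", "0") or 0)
            if host == C2_HOST:
                note = "port matches" if port == C2_PORT else f"port {port} differs from {C2_PORT}"
                findings.append(Finding("c2", f"Connection to RedLine C2 {C2_HOST} ({note})", ev))
    return findings


def detect_lines(lines):
    """Parse raw lines (skipping blanks) and run detect() over them."""
    return detect(parse_event(l) for l in lines if l.strip())


def summarize(findings):
    """Count findings per tag, the shape a SIEM alert would carry."""
    counts = {}
    for f in findings:
        counts[f.tag] = counts.get(f.tag, 0) + 1
    return counts


# Constructed events (not from the report's behavioural log), in the order the
# infection would produce them, plus two benign events that must not fire.
SAMPLE_EVENTS = [
    f"EventID=1|Image=C:\\Users\\victim\\Downloads\\{SAMPLE_SHA256}.exe"
    f"|ParentImage=C:\\Windows\\explorer.exe|Hashes=SHA256={SAMPLE_SHA256}",
    "EventID=1|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe"
    f"|ParentImage=C:\\Users\\victim\\Downloads\\{SAMPLE_SHA256}.exe|Hashes=SHA256=" + "0" * 64,
    "EventID=13|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"
    "|Details=C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe",
    "EventID=13|TargetObject=HKLM\\SYSTEM\\CurrentControlSet\\Services\\svcx\\ImagePath"
    "|Details=C:\\ProgramData\\svcx.exe",
    "EventID=3|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe"
    "|DestinationHostname=hueref.eu|DestinationPort=4162",
    "EventID=13|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"
    "|Details=C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe",
    "EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    "|DestinationHostname=example.com|DestinationPort=443",
]

if __name__ == "__main__":
    for f in detect_lines(SAMPLE_EVENTS):
        print(f"[{f.tag}] {f.reason}")
    print(summarize(detect_lines(SAMPLE_EVENTS)))
```

The hash rule only catches this exact file; the Run-key, service and drop-directory rules are behavioural and will also fire on re-packed builds, at the cost of needing an allow-list for legitimate installers that write to those locations. The C2 rule matches on hostname alone and reports the port separately, since a stealer C2 is often moved between ports while the domain is kept.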