General
Target: fa2b9c84d2f625f63f169bfb58fb3dbff093b1dfe699a1c63d86099f921ad12a
Size: 533KB
Sample: 241109-d6schswlaz
MD5: 9c40dab795d6ed436573113d41f502f8
SHA1: bdf964aa617dfa4d12288cd718750b7ad42a4d3e
SHA256: fa2b9c84d2f625f63f169bfb58fb3dbff093b1dfe699a1c63d86099f921ad12a
SHA512: b836f184b0afe20bde550a32ca732bae01976bb5e7e7aa70f861a0fdab4db66368cb3d5cb4ac6a424c8bb95a2d543e7cb59b21b71a3fa929762bdc8c8ee2911b
SSDEEP: 12288:cMrjy90UAd2eiQz0ojRFKrw/PhCEJVaQ4/IeRO8R7LdBX+Cc:/yXAEKz0j8PYEWQ4QQOGG
Static task: static1
Behavioral task: behavioral1
Sample: fa2b9c84d2f625f63f169bfb58fb3dbff093b1dfe699a1c63d86099f921ad12a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: fa2b9c84d2f625f63f169bfb58fb3dbff093b1dfe699a1c63d86099f921ad12a
Size: 533KB
MD5: 9c40dab795d6ed436573113d41f502f8
SHA1: bdf964aa617dfa4d12288cd718750b7ad42a4d3e
SHA256: fa2b9c84d2f625f63f169bfb58fb3dbff093b1dfe699a1c63d86099f921ad12a
SHA512: b836f184b0afe20bde550a32ca732bae01976bb5e7e7aa70f861a0fdab4db66368cb3d5cb4ac6a424c8bb95a2d543e7cb59b21b71a3fa929762bdc8c8ee2911b
SSDEEP: 12288:cMrjy90UAd2eiQz0ojRFKrw/PhCEJVaQ4/IeRO8R7LdBX+Cc:/yXAEKz0j8PYEWQ4QQOGG
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)