General
Target: 083eb4d07cc04764003bd7040ae21260de54dffcfcc0c163f935cf1bd1c8a378
Size: 533KB
Sample: 241109-d8xd9awhqh
MD5: d02ef005449d83ca849e4f2647e48aaf
SHA1: c0f72e49d387bd1f4f5aadf79f2cf17767383f62
SHA256: 083eb4d07cc04764003bd7040ae21260de54dffcfcc0c163f935cf1bd1c8a378
SHA512: 4648561f3ce7dcb921373d67815ccc23b2519a624c95874f4718ab6a0df382057cf48422f37f6aa9994441768ad5db1445f9456b275941f9158e86d9f72b3ff8
SSDEEP: 6144:Khy+bnr+Gp0yN90QEr7D4+ekW8nZNXjZ0YcNDU1iUrreiHjzfydCVw7fD3UCx7/q:3MrGy905LuNUz0Z3U47M6DYSipFx
Static task: static1
Behavioral task: behavioral1
Sample: 083eb4d07cc04764003bd7040ae21260de54dffcfcc0c163f935cf1bd1c8a378.exe
Resource: win10v2004-20241007-en
Malware Config (extracted)
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 083eb4d07cc04764003bd7040ae21260de54dffcfcc0c163f935cf1bd1c8a378
Size: 533KB
MD5: d02ef005449d83ca849e4f2647e48aaf
SHA1: c0f72e49d387bd1f4f5aadf79f2cf17767383f62
SHA256: 083eb4d07cc04764003bd7040ae21260de54dffcfcc0c163f935cf1bd1c8a378
SHA512: 4648561f3ce7dcb921373d67815ccc23b2519a624c95874f4718ab6a0df382057cf48422f37f6aa9994441768ad5db1445f9456b275941f9158e86d9f72b3ff8
SSDEEP: 6144:Khy+bnr+Gp0yN90QEr7D4+ekW8nZNXjZ0YcNDU1iUrreiHjzfydCVw7fD3UCx7/q:3MrGy905LuNUz0Z3U47M6DYSipFx
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)