General
- Target: 0c9564966bd966758cce5181e66d8929d340f5dd29c4bf9e33a1bc61df1271ec
- Size: 677KB
- Sample: 241109-ebf7faxapq
- MD5: 5ea32efcddfa436f719170eec349479f
- SHA1: 8edb006783f5b544e30d4277de0a6d1fa0b0edda
- SHA256: 0c9564966bd966758cce5181e66d8929d340f5dd29c4bf9e33a1bc61df1271ec
- SHA512: 7f9f802696b7795fe9b88be934519b211ce841c3d6b24c1ed6face99008da48f073b976e4b29152ef98aa3ea7815d4239fc3703d1eb2eaf08d1d11b7b8e0fe7c
- SSDEEP: 12288:pMr+y90CBLEf6KHVLZzxCSB6KcOlKEWxxmv2/QDVqBCvE9/ImIfbmE7Y+X:XynJw6Q1pg7yvYC89QmebmEjX
Static task: static1
Behavioral task: behavioral1
- Sample: 0c9564966bd966758cce5181e66d8929d340f5dd29c4bf9e33a1bc61df1271ec.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)