General
Target: 97e98342be8ffedf722a3598239d99306899d3c6411a29c5bb637f459a01bf91
Size: 660KB
Sample: 241109-egfg4azlbm
MD5: 02304003ed52c215d0cf7a51bb3d0314
SHA1: 6f85811442632371840c251a21140e320e957c67
SHA256: 97e98342be8ffedf722a3598239d99306899d3c6411a29c5bb637f459a01bf91
SHA512: 16a9c1f908a341518761ecb957831d900b2555f3bb8f14aff5b729259a5f5289383a972075214fff2a8901ac72c58e17fc46599199b9b9d60ff6634059c8415b
SSDEEP: 12288:oMr6y90kayUBlXZ/H7q+n4b1H+oxloPpdSGPtNALZztX:yyoyiZf7rn4peTpxPtNA9F
Static task: static1
Behavioral task: behavioral1
Sample: 97e98342be8ffedf722a3598239d99306899d3c6411a29c5bb637f459a01bf91.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 97e98342be8ffedf722a3598239d99306899d3c6411a29c5bb637f459a01bf91 (660KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures
- Detects Healer, an antivirus-disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
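The indicators above (the file hashes, the extracted RedLine C2 176.113.115.145:4125, and the Run-key and Windows-service persistence mapped to T1547.001 and T1543.003) are what a responder turns into detection logic. The script below is an added example, not part of the sandbox report or of any tooling the report references: it builds rules from those indicators and runs them over Sysmon-style log lines that are constructed here for illustration (the field names follow Sysmon's Event ID 1, 3 and 13 fields; the paths, process names and the benign events are invented).

```python
"""Added example, not part of the sandbox report: detection logic built from
the indicators above (file hashes, RedLine C2, Run-key and service persistence)
and run over constructed Sysmon-style log lines.  The log lines are invented for
illustration; only the hashes, the C2 address and the ATT&CK techniques come
from the report."""
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "02304003ed52c215d0cf7a51bb3d0314",
    "sha1": "6f85811442632371840c251a21140e320e957c67",
    "sha256": "97e98342be8ffedf722a3598239d99306899d3c6411a29c5bb637f459a01bf91",
}
C2_HOST, C2_PORT = "176.113.115.145", "4125"

# T1547.001: Run / RunOnce keys under HKLM or HKCU (either registry view).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# T1543.003: an ImagePath written under a service key is a new or modified service binary.
SERVICE_IMAGE_RE = re.compile(r"\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Hash a file's contents with the same algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_algorithms(data: bytes) -> list:
    """Return the hash algorithms under which `data` equals the analysed sample."""
    digests = hash_bytes(data)
    return [algo for algo, value in SAMPLE_HASHES.items() if digests[algo] == value]


def parse_line(line: str) -> dict:
    """Parse a constructed 'Key=Value|Key=Value' log line (Sysmon field names)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def sysmon_hashes(field: str) -> dict:
    """Split Sysmon's 'MD5=...,SHA256=...' Hashes field into lowercase digests."""
    out = {}
    for item in field.split(","):
        algo, _, value = item.partition("=")
        if algo and value:
            out[algo.strip().lower()] = value.strip().lower()
    return out


def classify(fields: dict) -> list:
    """Apply the report-derived rules to one parsed event; return matching rule names."""
    hits = []
    event = fields.get("EventID")
    target = fields.get("TargetObject", "")
    if event == "1":  # process creation: match any hash the report lists
        known = sysmon_hashes(fields.get("Hashes", ""))
        if any(known.get(algo) == value for algo, value in SAMPLE_HASHES.items()):
            hits.append("known RedLine/Healer sample executed")
    elif event == "3":  # network connection to the extracted C2
        if fields.get("DestinationIp") == C2_HOST and fields.get("DestinationPort") == C2_PORT:
            hits.append("connection to RedLine C2 176.113.115.145:4125")
    elif event == "13":  # registry value set
        if RUN_KEY_RE.search(target):
            hits.append("T1547.001 Run key persistence")
        if SERVICE_IMAGE_RE.search(target):
            hits.append("T1543.003 service ImagePath written")
    return hits


def detect(lines) -> list:
    """Run every rule over every line; return (line_number, rule) pairs."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for rule in classify(parse_line(line)):
            findings.append((number, rule))
    return findings


# Constructed events, written to mirror the behaviour the report describes.
CONSTRUCTED_LOG = [
    r"EventID=1|Image=C:\Users\user\Downloads\97e98342be8ffedf722a3598239d99306899d3c6411a29c5bb637f459a01bf91.exe"
    r"|Hashes=MD5=02304003ED52C215D0CF7A51BB3D0314,SHA256=97E98342BE8FFEDF722A3598239D99306899D3C6411A29C5BB637F459A01BF91",
    r"EventID=13|Image=C:\Users\user\Downloads\97e98342be8ffedf722a3598239d99306899d3c6411a29c5bb637f459a01bf91.exe"
    r"|TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"
    r"|Details=C:\Users\user\AppData\Local\Temp\updater.exe",
    r"EventID=13|Image=C:\Windows\System32\services.exe"
    r"|TargetObject=HKLM\System\CurrentControlSet\Services\updsvc\ImagePath|Details=C:\ProgramData\updsvc.exe",
    r"EventID=3|Image=C:\Users\user\AppData\Local\Temp\updater.exe|DestinationIp=176.113.115.145|DestinationPort=4125",
    r"EventID=3|Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationIp=203.0.113.10|DestinationPort=443",
    r"EventID=13|Image=C:\Windows\explorer.exe"
    r"|TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000001)",
]

if __name__ == "__main__":
    for number, rule in detect(CONSTRUCTED_LOG):
        print(f"line {number}: {rule}")
```

Running it flags the dropper execution (by hash), the Run-key write, the service ImagePath write and the C2 connection, and leaves the benign browser connection and the Explorer setting alone. The hash match is the weakest of the four rules, since a re-packed build changes every digest; the Run-key, service and C2 rules survive that and are the ones worth keeping once the sample itself has been rotated.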