General
-
Target
4d5d16a4a40511084473b6763484b89f87b84101a7562bd76938b6514a4e007eN
-
Size
516KB
-
Sample
241109-eh47vaxcjq
-
MD5
426a3f0dd5122b23c5858119205cf7d0
-
SHA1
e0626ad2b1a6409ffbfe6576d9d79e578ca6128b
-
SHA256
4d5d16a4a40511084473b6763484b89f87b84101a7562bd76938b6514a4e007e
-
SHA512
d2964d3b46f992a0a77bd25184bfcce76000016e7319f61e58f1f40aac58796b69ef1e7730099a5bb220270497742acf6b723f16b372333bef7cac8c70e4723d
-
SSDEEP
12288:6MrDy90IywERk7Rm559ohUohGcAxJQTrqjpT0o3RngDpmtmP:Zybp7Rm5SBfrmhBnEpmm
Static task
static1
Behavioral task
behavioral1
Sample
4d5d16a4a40511084473b6763484b89f87b84101a7562bd76938b6514a4e007eN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
4d5d16a4a40511084473b6763484b89f87b84101a7562bd76938b6514a4e007eN
-
Size
516KB
-
MD5
426a3f0dd5122b23c5858119205cf7d0
-
SHA1
e0626ad2b1a6409ffbfe6576d9d79e578ca6128b
-
SHA256
4d5d16a4a40511084473b6763484b89f87b84101a7562bd76938b6514a4e007e
-
SHA512
d2964d3b46f992a0a77bd25184bfcce76000016e7319f61e58f1f40aac58796b69ef1e7730099a5bb220270497742acf6b723f16b372333bef7cac8c70e4723d
-
SSDEEP
12288:6MrDy90IywERk7Rm559ohUohGcAxJQTrqjpT0o3RngDpmtmP:Zybp7Rm5SBfrmhBnEpmm
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1