General
Target: d0a5150e46445d2ade0f913ffca157f9865feaa2c513c4deac3813f4ed2b7f8e
Size: 536KB
Sample: 241109-ehhnvazldl
MD5: 347f5d668ad22da5ac5a4c6418340d0a
SHA1: 08cc692dab7260ce82b1d30c31101975dd354762
SHA256: d0a5150e46445d2ade0f913ffca157f9865feaa2c513c4deac3813f4ed2b7f8e
SHA512: 9afd580116dd15a6a42992c6ee9f11956bf9f466e1da9533b201481f3eb9fb281a5256c7de446b180a58dd1c1260c4582bc46717397c89d45e1e1c1296913c23
SSDEEP: 12288:PMrBy907rALyc91auglv6bsCNXzNCRoTlpcf4B:iyekL591V8CbsCNX0ohpcwB
Static task: static1
Behavioral task: behavioral1
Sample: d0a5150e46445d2ade0f913ffca157f9865feaa2c513c4deac3813f4ed2b7f8e.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: d0a5150e46445d2ade0f913ffca157f9865feaa2c513c4deac3813f4ed2b7f8e
Size: 536KB
MD5: 347f5d668ad22da5ac5a4c6418340d0a
SHA1: 08cc692dab7260ce82b1d30c31101975dd354762
SHA256: d0a5150e46445d2ade0f913ffca157f9865feaa2c513c4deac3813f4ed2b7f8e
SHA512: 9afd580116dd15a6a42992c6ee9f11956bf9f466e1da9533b201481f3eb9fb281a5256c7de446b180a58dd1c1260c4582bc46717397c89d45e1e1c1296913c23
SSDEEP: 12288:PMrBy907rALyc91auglv6bsCNXzNCRoTlpcf4B:iyekL591V8CbsCNX0ohpcwB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)