General
Target: aa9fb5a8d2a7160979dda5f23dbaa92ffa7c8bf87d699997d97909d042eb1ee5
Size: 537KB
Sample: 241109-el6vvazmdl
MD5: f18afc272e40d68a5f878d3a6a8e8c3e
SHA1: 43827ae6a2509b58b6eed66b49ea3b172bb6058c
SHA256: aa9fb5a8d2a7160979dda5f23dbaa92ffa7c8bf87d699997d97909d042eb1ee5
SHA512: abf16ac0194c99c5ca44599e11c27b62de08277a238abafdd858e12f62d6f11ac24e308984c153f09681bee16d7ddaa8a910cf43649219d56d07d58a8ab98d3b
SSDEEP: 12288:xMrny90hV4kuIFbgi6tKrKQjvhhx6TfyAdL4IzGbOKB:6yL4EcKQjv4fyAhflq
Static task: static1
Behavioral task: behavioral1
Sample: aa9fb5a8d2a7160979dda5f23dbaa92ffa7c8bf87d699997d97909d042eb1ee5.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: aa9fb5a8d2a7160979dda5f23dbaa92ffa7c8bf87d699997d97909d042eb1ee5
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)