General
  Target: 180063b136a01028edc1cd10205e8bdbe8be5b334869481a48a6b92eade591ff
  Size: 537KB
  Sample: 241109-em11zszmen
  MD5: c5e379fcd216a4ef360b28aa10c27521
  SHA1: b40be5a4dd25c3c350742e6af5f27072281a6bdb
  SHA256: 180063b136a01028edc1cd10205e8bdbe8be5b334869481a48a6b92eade591ff
  SHA512: f0d7f81a392b7809f3f4e53aecaa5dec72bc0f64559b7f72e0fa931de54bf154a9776d98b2304f9fabd40d35962850638aa627e65aa4f53d4e4baabfaa342096
  SSDEEP: 12288:jMryy90quC9seLPN/3no9qY9/LwOA3eyKzUNxHIw9WOEgP:Nyp9jP1cn/3AuyKz+ow9KgP
Static task: static1
Behavioral task: behavioral1
  Sample: 180063b136a01028edc1cd10205e8bdbe8be5b334869481a48a6b92eade591ff.exe
  Resource: win10v2004-20241007-en
Malware Config
  Extracted: redline
    rosn
    176.113.115.145:4125
    auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
  Target: 180063b136a01028edc1cd10205e8bdbe8be5b334869481a48a6b92eade591ff
  Size: 537KB
  MD5: c5e379fcd216a4ef360b28aa10c27521
  SHA1: b40be5a4dd25c3c350742e6af5f27072281a6bdb
  SHA256: 180063b136a01028edc1cd10205e8bdbe8be5b334869481a48a6b92eade591ff
  SHA512: f0d7f81a392b7809f3f4e53aecaa5dec72bc0f64559b7f72e0fa931de54bf154a9776d98b2304f9fabd40d35962850638aa627e65aa4f53d4e4baabfaa342096
  SSDEEP: 12288:jMryy90quC9seLPN/3no9qY9/LwOA3eyKzUNxHIw9WOEgP:Nyp9jP1cn/3AuyKz+ow9KgP

  Signatures
  - Detects Healer, an antivirus disabler dropper
  - Healer family
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine payload
  - Redline family
  - Executes dropped EXE
  - Adds Run key to start application
MITRE ATT&CK Enterprise v15
  Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)