General
Target: e46ccd36f89c170ddac8e725ec3bf05541085543ce34fb72d00206d720d87660
Size: 678KB
Sample: 241109-emzg6axcrr
MD5: d83b2b0a9a022220383a36a2ca5d5187
SHA1: 1b7dcb3e0ba0795019650a364d353e84b2ebc6eb
SHA256: e46ccd36f89c170ddac8e725ec3bf05541085543ce34fb72d00206d720d87660
SHA512: 5c9cb3ed2f53c4d4ca1b143f15c6768f551b7d7a0a24d19670e9994b2ea63d2529f36ac9a99d72b108afc363d2934cd8a39a92f43605a8addcac8e34ea424350
SSDEEP: 12288:yMrIy9077forCnWWGh24whq6Mf6rhe6Fnv8j8obPHOP95V/:WyGorYWp2Fcf+Zv8jRYP/
Static task: static1
Behavioral task: behavioral1
Sample: e46ccd36f89c170ddac8e725ec3bf05541085543ce34fb72d00206d720d87660.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: e46ccd36f89c170ddac8e725ec3bf05541085543ce34fb72d00206d720d87660 (678KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)