General
Target: 8b9cd222a46212bfa060e63f93d8c356500b5555269f4733b29fc34e51d7d48a
Size: 533KB
Sample: 241109-f2lqaaydlk
MD5: 73838e34a6cbd69e2d80007f545210c3
SHA1: 7d6df4bebe657dd47539ac1143d90b4e80e0c7d5
SHA256: 8b9cd222a46212bfa060e63f93d8c356500b5555269f4733b29fc34e51d7d48a
SHA512: 2a910c8da84841659e00b12d2b43f2ff69c2122e1206d30b89d1bf0a790cc29169d4bb1ff2d94d03c562e5ce7376f9062457c7dea34d1edf683f645b192ec22f
SSDEEP: 12288:HMrmy90QgH0Ysa8j2G7uL+zJdpTaNuNdotm:By0sy8e+VdPzoY
Static task: static1
Behavioral task: behavioral1
Sample: 8b9cd222a46212bfa060e63f93d8c356500b5555269f4733b29fc34e51d7d48a.exe
Resource: win10v2004-20241007-en

Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 8b9cd222a46212bfa060e63f93d8c356500b5555269f4733b29fc34e51d7d48a
Size: 533KB
MD5: 73838e34a6cbd69e2d80007f545210c3
SHA1: 7d6df4bebe657dd47539ac1143d90b4e80e0c7d5
SHA256: 8b9cd222a46212bfa060e63f93d8c356500b5555269f4733b29fc34e51d7d48a
SHA512: 2a910c8da84841659e00b12d2b43f2ff69c2122e1206d30b89d1bf0a790cc29169d4bb1ff2d94d03c562e5ce7376f9062457c7dea34d1edf683f645b192ec22f
SSDEEP: 12288:HMrmy90QgH0Ysa8j2G7uL+zJdpTaNuNdotm:By0sy8e+VdPzoY
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1