General
- Target: f2ebe142c6c2c1251b60bd2256c55350be742fcc09dd24fa524de685609a5676
- Size: 992KB
- Sample: 241109-fh746sxlfy
- MD5: 2c0eb133506fd3fb7e2aa5cfb42599a6
- SHA1: 04ec3b1eeaa3ee21b412ce0b2b5fb9dbc85c5181
- SHA256: f2ebe142c6c2c1251b60bd2256c55350be742fcc09dd24fa524de685609a5676
- SHA512: bc1f39bc0da0d938397a9985695e3aec6478aa08e283240ce90c1f8a2069df44fa0ea267db725df44899fd4d441ff90cdcc3e947e43a73dfea916d684baa832c
- SSDEEP: 12288:UMrxy90J2P0hQ/2EN7XZsBdL0mK/8C8b5f+WHjhcPKjegoqBHD2tFVHv34SLu0Hn:9yyQ5NIdL0dK+WDhcC6gDIFVASVHFB
- Static task: static1
- Behavioral task: behavioral1
- Sample: f2ebe142c6c2c1251b60bd2256c55350be742fcc09dd24fa524de685609a5676.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Target: f2ebe142c6c2c1251b60bd2256c55350be742fcc09dd24fa524de685609a5676
- Size: 992KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)