General
Target: 41427134d4a9b59430833fdbdbfd7d3c146124d1729d192d82c7d4260413b1e0
Size: 548KB
Sample: 241109-fjgzdaxlf1
MD5: 8b7d837af59f35ff6469f1482b68abfa
SHA1: ec53f1ae365bde65e4985be2a6041fd6510232a5
SHA256: 41427134d4a9b59430833fdbdbfd7d3c146124d1729d192d82c7d4260413b1e0
SHA512: 9da6009699518140088332c200682ca137ce2caded4dd44a7e7d1239dfa668e8462d39a0848be6e84482475a51f1a83a33839a4e6ec1f9932ab39728a96e3f3c
SSDEEP: 12288:YMrry904Dxsiu5kvZcpoVDXhRd0y14qc4QsEi:Dyt7vZcpGh0XhUEi
Static task: static1
Behavioral task: behavioral1
Sample: 41427134d4a9b59430833fdbdbfd7d3c146124d1729d192d82c7d4260413b1e0.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
Attributes
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 41427134d4a9b59430833fdbdbfd7d3c146124d1729d192d82c7d4260413b1e0 (548KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detects Healer, an antivirus-disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
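An added example, not part of the sandbox report: a small Python hunt over constructed Sysmon-style events (Event ID 1 process create, 3 network connect, 13 registry value set) for the behaviours the report lists above: a dropped EXE being executed, a Run key (T1547.001) pointing at it, and a connection to the RedLine C2 176.113.115.145:4125. Only the sample SHA256 and the C2 address come from the report; the event dicts, PIDs, file paths and Run-key value names are constructed for the demonstration. A Run-key write by svchost.exe is included deliberately: legitimate software adds Run keys too, so a Run key on its own is recorded but not escalated.

```python
"""Hunt Sysmon-style events for the behaviours listed in the RedLine sandbox report.

Added example (not code from the report or from any sandbox vendor). The
events below are constructed; field names follow Sysmon's Event ID 1/3/13
schema, but hosts, PIDs, paths and value names are invented.
"""
import re
from collections import defaultdict

# IOCs taken from the report
SAMPLE_SHA256 = "41427134d4a9b59430833fdbdbfd7d3c146124d1729d192d82c7d4260413b1e0"
REDLINE_C2 = ("176.113.115.145", 4125)

# Run / RunOnce value under any hive prefix (HKU\<SID>\..., HKLM\SOFTWARE\...)  -- T1547.001
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE
)
# Directories a dropper typically writes its second stage to before executing it
DROP_DIR_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp|ProgramData)\\", re.IGNORECASE)

# Constructed event stream (assumption: one infected host, one benign Run-key write)
EVENTS = [
    {"EventID": 1, "ProcessId": 4412, "ParentProcessId": 1337,
     "Image": r"C:\Users\u\Desktop\41427134d4a9b59430833fdbdbfd7d3c146124d1729d192d82c7d4260413b1e0.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "MD5=8B7D837AF59F35FF6469F1482B68ABFA,SHA256=" + SAMPLE_SHA256.upper()},
    {"EventID": 1, "ProcessId": 4480, "ParentProcessId": 4412,
     "Image": r"C:\Users\u\AppData\Local\Temp\updater.exe", "Hashes": "SHA256=DEADBEEF"},
    {"EventID": 13, "ProcessId": 4480,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\u\AppData\Local\Temp\updater.exe"},
    {"EventID": 3, "ProcessId": 4480, "DestinationIp": "176.113.115.145", "DestinationPort": 4125},
    # Benign: Windows itself registering the Security Health tray icon
    {"EventID": 13, "ProcessId": 900, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"%windir%\system32\SecurityHealthSystray.exe"},
]


def sha256_from_hashes(field):
    """Extract the SHA256 from Sysmon's comma-separated 'Hashes' field, lower-cased."""
    for part in field.split(","):
        key, _, value = part.partition("=")
        if key.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def hunt(events):
    """Return {pid: set(tags)} describing which report behaviours each process showed."""
    tags = defaultdict(set)
    for ev in events:
        pid, eid = ev["ProcessId"], ev["EventID"]
        if eid == 1:
            if sha256_from_hashes(ev.get("Hashes", "")) == SAMPLE_SHA256:
                tags[pid].add("known_sample_hash")
            if DROP_DIR_RE.search(ev.get("Image", "")):
                tags[pid].add("exe_run_from_drop_dir")
                # "Executes dropped EXE" is the parent's behaviour, so tag the parent as well
                if "ParentProcessId" in ev:
                    tags[ev["ParentProcessId"]].add("executes_dropped_exe")
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            tags[pid].add("run_key_added")
            if DROP_DIR_RE.search(ev.get("Details", "")):
                tags[pid].add("run_key_points_to_drop_dir")
        elif eid == 3 and (ev.get("DestinationIp"), ev.get("DestinationPort")) == REDLINE_C2:
            tags[pid].add("redline_c2_connect")
    return dict(tags)


# Tags that justify escalation on their own; everything else needs corroboration
HIGH_CONFIDENCE = {"known_sample_hash", "redline_c2_connect", "run_key_points_to_drop_dir"}


def triage(events):
    """Return sorted PIDs to escalate: any high-confidence tag, or two or more weaker ones."""
    return sorted(pid for pid, t in hunt(events).items() if t & HIGH_CONFIDENCE or len(t) >= 2)


if __name__ == "__main__":
    for pid, t in sorted(hunt(EVENTS).items()):
        print(pid, sorted(t))
    print("escalate:", triage(EVENTS))
```

The Run-key regex accepts both HKU and HKLM prefixes because RedLine droppers seen in sandboxes persist under the current user's hive while other malware writes to HKLM; matching on the tail of the key path covers both without hard-coding a SID. Feed real Sysmon events in the same dict shape (one dict per event, field names as logged) and the functions work unchanged.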