General
-
Target
ab2ce9c7d0c0db0c6292b899f436e0eb79163e043b497c636055651f25dfed08
-
Size
689KB
-
Sample
241109-fk6n5a1kej
-
MD5
04ce68cf8fec1c105d4d2f658c6cdbed
-
SHA1
3f168b1199f7c39b685cd9182ef3fe08d1ed445f
-
SHA256
ab2ce9c7d0c0db0c6292b899f436e0eb79163e043b497c636055651f25dfed08
-
SHA512
15226ae3435380b8873719bd823d29b13700a02e0f30d8b5e02a357b1e6ca0867bb9ef53b796e4e9f1e52494b5b23243625e698ccb12ad1ef1617ce2ef1a4244
-
SSDEEP
12288:bMrEy90LQZci9tc0k68eMnj0VtC+iqI6EAHYrBHaZpR1Zh8scP82OmmLm:jy0QNKF68lnwbC+hI6lIBHa5bhU9
Static task
static1
Behavioral task
behavioral1
Sample
ab2ce9c7d0c0db0c6292b899f436e0eb79163e043b497c636055651f25dfed08.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
ab2ce9c7d0c0db0c6292b899f436e0eb79163e043b497c636055651f25dfed08
-
Size
689KB
-
MD5
04ce68cf8fec1c105d4d2f658c6cdbed
-
SHA1
3f168b1199f7c39b685cd9182ef3fe08d1ed445f
-
SHA256
ab2ce9c7d0c0db0c6292b899f436e0eb79163e043b497c636055651f25dfed08
-
SHA512
15226ae3435380b8873719bd823d29b13700a02e0f30d8b5e02a357b1e6ca0867bb9ef53b796e4e9f1e52494b5b23243625e698ccb12ad1ef1617ce2ef1a4244
-
SSDEEP
12288:bMrEy90LQZci9tc0k68eMnj0VtC+iqI6EAHYrBHaZpR1Zh8scP82OmmLm:jy0QNKF68lnwbC+hI6lIBHa5bhU9
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1