General
- Target: 56f8d2dda3cd88348127095ef33b0d4760faf55e4e0b51f4c327a439d18f6b08
- Size: 660KB
- Sample: 241109-fkxffsyama
- MD5: 81e5a6906aff4ffd0ea84ee9fede4811
- SHA1: ced02478ca38e2d8e8fc1f286890f91f5a8dd47e
- SHA256: 56f8d2dda3cd88348127095ef33b0d4760faf55e4e0b51f4c327a439d18f6b08
- SHA512: 85c19d8fe005b89b7687a3cf90dac77756e6ddcc2042c88558afcba272933bb5842b43973539e5794e91661d2fdca4b957824501124edc48276a1c1ae738a009
- SSDEEP: 12288:WMr8y90lzrTkHP0RQ7bJWhmaMFlUDZSOfT1El6C+8:eyePkHPoQ7bJWhmaglOfOsC+8
Static task: static1
Behavioral task: behavioral1
- Sample: 56f8d2dda3cd88348127095ef33b0d4760faf55e4e0b51f4c327a439d18f6b08.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Target: 56f8d2dda3cd88348127095ef33b0d4760faf55e4e0b51f4c327a439d18f6b08 (660KB; MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)