General
-
Target
d6df524e62a297ea2eb33b65c96646b74bea46cd114f36d727c8aff8bff54182
-
Size
658KB
-
Sample
241109-fl3nvs1kfr
-
MD5
83ceff8cf792e8368babadbae36241fd
-
SHA1
dd2732f93e9979521ae028227af265dce7b84c99
-
SHA256
d6df524e62a297ea2eb33b65c96646b74bea46cd114f36d727c8aff8bff54182
-
SHA512
d4205044cd777fcac2b3b62bc69b4bdc3ba55b9986d18934cbea4549f6e702ad65c5c4aa7af512e4787a07a8258174a6d709acc045dbb02ee6a499ae7fdd418d
-
SSDEEP
12288:7Mriy90Bq175vC7xsLEJq9ohUPPkC1Qic+jpH0s9R5gMeCixLLVx:lyeq175vsxsLY6eiXtz5/eCiNP
Static task
static1
Behavioral task
behavioral1
Sample
d6df524e62a297ea2eb33b65c96646b74bea46cd114f36d727c8aff8bff54182.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
d6df524e62a297ea2eb33b65c96646b74bea46cd114f36d727c8aff8bff54182
-
Size
658KB
-
MD5
83ceff8cf792e8368babadbae36241fd
-
SHA1
dd2732f93e9979521ae028227af265dce7b84c99
-
SHA256
d6df524e62a297ea2eb33b65c96646b74bea46cd114f36d727c8aff8bff54182
-
SHA512
d4205044cd777fcac2b3b62bc69b4bdc3ba55b9986d18934cbea4549f6e702ad65c5c4aa7af512e4787a07a8258174a6d709acc045dbb02ee6a499ae7fdd418d
-
SSDEEP
12288:7Mriy90Bq175vC7xsLEJq9ohUPPkC1Qic+jpH0s9R5gMeCixLLVx:lyeq175vsxsLY6eiXtz5/eCiNP
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1