General
Target: f616c4d5f63c057d7576f834d7afaf81cdd6462565cc75599e9c3868e31d018b
Size: 657KB
Sample: 241109-flw63sxmby
MD5: ff39efec3f6cf1a4de50f8e8b7d077c3
SHA1: 93ec54ee1d99c9239b0d9241208f69ba2a961383
SHA256: f616c4d5f63c057d7576f834d7afaf81cdd6462565cc75599e9c3868e31d018b
SHA512: 369a5f5809bf1079fa3189966362721d46589a62552335043b15bd82029e1d7df4cccace6da84c4171294296a5cbd7d68218dfac77fea067032b814943720c05
SSDEEP: 12288:5Mr+y90XRd3MyRlabwUPlEp//2nv6D2KhuYVs4IVtbTtbpchGd0aQ:7yyKRPlyXw6qKhuyYLCsQ
Static task: static1
Behavioral task: behavioral1
Sample: f616c4d5f63c057d7576f834d7afaf81cdd6462565cc75599e9c3868e31d018b.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet (campaign tag): rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
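The extracted config gives two things a responder can act on immediately: the file hashes above and the C2 socket 176.113.115.145:4125. The following is an added example, not code from the sandbox or from the sample, that turns them into an offline triage check. The connection-log layout, its contents and the throwaway file are constructed for illustration; the hash and C2 values are copied from this report.

```python
# Added example for this report (not code from the sandbox or the malware author):
# turn the extracted RedLine config and the file hashes above into an offline
# triage check. The connection-log format and its contents are constructed for
# illustration (hypothetical, not real telemetry).
import hashlib
import ipaddress
import os
import tempfile

# Indicators copied from the report above.
IOC_MD5 = "ff39efec3f6cf1a4de50f8e8b7d077c3"
IOC_SHA1 = "93ec54ee1d99c9239b0d9241208f69ba2a961383"
IOC_SHA256 = "f616c4d5f63c057d7576f834d7afaf81cdd6462565cc75599e9c3868e31d018b"
C2_HOST = "176.113.115.145"
C2_PORT = 4125


def hashes_of_bytes(data):
    """Return md5/sha1/sha256 hex digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def file_hashes(path, chunk_size=1 << 20):
    """Stream a file once and return md5/sha1/sha256 hex digests."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def is_known_sample(path):
    """True if any hash matches the sample documented in this report."""
    h = file_hashes(path)
    return h["sha256"] == IOC_SHA256 or h["sha1"] == IOC_SHA1 or h["md5"] == IOC_MD5


def c2_hits(conn_lines):
    """Return (src_ip, dst_ip, dst_port) for flows to the extracted C2.

    Input lines use a constructed tab-separated layout:
    ts<TAB>src_ip<TAB>src_port<TAB>dst_ip<TAB>dst_port
    Matching is on IP and port together: 176.113.115.145 on another port is
    not evidence of this particular config.
    """
    c2_ip = ipaddress.ip_address(C2_HOST)
    hits = []
    for line in conn_lines:
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 5:
            continue
        _ts, src, _sport, dst, dport = parts[:5]
        try:
            if ipaddress.ip_address(dst) == c2_ip and int(dport) == C2_PORT:
                hits.append((src, dst, int(dport)))
        except ValueError:  # malformed address or port: skip, do not abort the sweep
            continue
    return hits


# Constructed connection log (not real telemetry). Only two flows hit IP and port.
SAMPLE_CONN = """#fields ts src_ip src_port dst_ip dst_port
1731140000.1\t10.0.0.12\t51022\t176.113.115.145\t4125
1731140001.2\t10.0.0.12\t51023\t176.113.115.145\t443
1731140002.3\t10.0.0.14\t51024\t93.184.216.34\t80
1731140003.4\t10.0.0.15\t51025\t176.113.115.145\t4125
""".splitlines()


def demo():
    """Run both checks: C2 flows in the constructed log, and a hash lookup on a
    throwaway file that is deliberately not the sample (negative case)."""
    hits = c2_hits(SAMPLE_CONN)
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"not the sample")
        path = tmp.name
    try:
        known = is_known_sample(path)
    finally:
        os.unlink(path)
    return hits, known


if __name__ == "__main__":
    print(demo())
```

Match the C2 on IP and port together rather than on the IP alone; 176.113.115.145 can host other services, and a hit on port 443 says nothing about this config. Prefer the SHA-256 for blocking: MD5 and SHA-1 are kept only because many feeds still key on them.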
Targets
Target: f616c4d5f63c057d7576f834d7afaf81cdd6462565cc75599e9c3868e31d018b
Size: 657KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 signature hit
- Create or Modify System Process (T1543): Windows Service (T1543.003), 1 signature hit