General

Target: 7df950a2c40ec9c514a539e575a51616152b553b6e83c05ebc5c5103a4561ec5
Size: 522KB
Sample: 241109-fn7qlayare
MD5: e46732f3180a6884445b74e62e2ed80a
SHA1: fd60474323dda461d2a01b2cf77abc30412a00e9
SHA256: 7df950a2c40ec9c514a539e575a51616152b553b6e83c05ebc5c5103a4561ec5
SHA512: 383e3882337b6254160f03b7d7d9fc66715ef9d7e5ff570a2a6904a97d02c4930ea22e496772b9c4b104d362b3ee4902300b2f6447944419a5a34a1f03299134
SSDEEP: 12288:rMrVy90QdsLDWMiQo/5L3iFqfsQt2upxIfafZk4:iyWrkSFq3vxI6K4
Static task: static1
Behavioral task: behavioral1
Sample: 7df950a2c40ec9c514a539e575a51616152b553b6e83c05ebc5c5103a4561ec5.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets

Target: 7df950a2c40ec9c514a539e575a51616152b553b6e83c05ebc5c5103a4561ec5
Size and hashes: as listed under General above (MD5, SHA1, SHA256, SHA512 and SSDEEP are identical for this single target).

- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
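The items a responder would actually sweep for from this report are the sample hashes, the extracted RedLine C2 endpoint 176.113.115.145:4125, and the "Adds Run key to start application" behaviour that the MITRE mapping files under Registry Run Keys. The script below is an added example, not part of this report and not sandbox tooling: it takes those indicators, scans Sysmon-style JSON-lines events for hash matches, connections to the C2, and writes under Run/RunOnce, and keeps going past malformed lines. The EventID numbers and field names follow Sysmon conventions but are assumptions about the log source; the sample records are constructed for the example and are not real telemetry.

```python
import json
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Indicators copied from the report above. auth_value is kept as a pivot for
# clustering related RedLine configs; it is not expected to appear in host logs.
IOC = {
    "md5": "e46732f3180a6884445b74e62e2ed80a",
    "sha1": "fd60474323dda461d2a01b2cf77abc30412a00e9",
    "sha256": "7df950a2c40ec9c514a539e575a51616152b553b6e83c05ebc5c5103a4561ec5",
    "c2_ip": "176.113.115.145",
    "c2_port": 4125,
    "auth_value": "050a19e1db4d0024b0f23b37dcf961f4",
}
HASH_IOCS = {IOC["md5"], IOC["sha1"], IOC["sha256"]}

# Covers the "Adds Run key to start application" signature: any value written
# under ...\CurrentVersion\Run or RunOnce in HKLM or a user hive.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)

# Constructed events in Sysmon style (1 = process create, 3 = network connect,
# 13 = registry value set). Assumption: field names follow Sysmon; the records
# themselves are made up for this example and are not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\u\AppData\Local\Temp\7df950a2.exe",
     "Hashes": "MD5=E46732F3180A6884445B74E62E2ED80A,"
               "SHA256=7DF950A2C40EC9C514A539E575A51616152B553B6E83C05EBC5C5103A4561EC5"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Users\u\AppData\Local\Temp\7df950a2.exe",
     "DestinationIp": "176.113.115.145", "DestinationPort": 4125},
    {"EventID": 13, "Image": r"C:\Users\u\AppData\Local\Temp\7df950a2.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\u\AppData\Roaming\Updater\svc.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]
SAMPLE_LOG = [json.dumps(e) for e in SAMPLE_EVENTS]  # one JSON object per line


@dataclass(frozen=True)
class Hit:
    event_id: int
    reason: str  # "hash", "c2" or "run_key"
    detail: str


def parse_hashes(field: str) -> Set[str]:
    """Turn Sysmon's 'ALG=HEX,ALG=HEX' field into a set of lower-case digests."""
    return {part.split("=", 1)[1].strip().lower()
            for part in field.split(",") if "=" in part}


def classify(event: dict) -> Optional[Hit]:
    """Return a Hit if the event matches an IOC or the Run-key behaviour."""
    eid = event.get("EventID")
    image = event.get("Image", "?")
    if eid == 1:
        matched = parse_hashes(event.get("Hashes", "")) & HASH_IOCS
        if matched:
            return Hit(eid, "hash", f"{image} matches {', '.join(sorted(matched))}")
    elif eid == 3:
        if event.get("DestinationIp") == IOC["c2_ip"]:
            # Flag the IP regardless of port; note whether it is the port from the config.
            port = int(event.get("DestinationPort", 0))
            note = "configured port" if port == IOC["c2_port"] else "unexpected port"
            return Hit(eid, "c2", f"{image} -> {IOC['c2_ip']}:{port} ({note})")
    elif eid == 13:
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            return Hit(eid, "run_key", f"{image} set {target} = {event.get('Details')}")
    return None


def sweep(lines: Iterable[str]) -> List[Hit]:
    """Scan JSON-lines events; malformed lines are skipped rather than fatal."""
    hits: List[Hit] = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        hit = classify(event)
        if hit is not None:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for h in sweep(SAMPLE_LOG):
        print(f"[{h.reason}] event {h.event_id}: {h.detail}")
```

The Run-key check is deliberately behavioural rather than tied to a value name, because the name the dropper uses is not recorded in this report; the C2 check flags the address on any port so a rotated port after the config was extracted still surfaces, with the port mismatch noted in the detail.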