General
-
Target
293c7419343e6ed4440a63aca7e2e268718d9462547c4461b0840af433abd84b
-
Size
663KB
-
Sample
241109-fqcy1aybkf
-
MD5
ea646b4237b247721cc397ff4062ac5d
-
SHA1
888eff0a049ec68e2ac2a601d3289cd96aba6e75
-
SHA256
293c7419343e6ed4440a63aca7e2e268718d9462547c4461b0840af433abd84b
-
SHA512
81777b9d0849b1d270ee625f7e3bf890ced25cac99145440f5672bf1f1be3a56cf1ce2edbac87cfb78dbcac099cae6f319587e84f8b96bbccdcf566f055fab21
-
SSDEEP
12288:NMr8y90X80AgZS7zwSDprl72vkEuZMrFm2qE70um62u8Xo:VycybfVrhKoaxm2qE70s2uN
Static task
static1
Behavioral task
behavioral1
Sample
293c7419343e6ed4440a63aca7e2e268718d9462547c4461b0840af433abd84b.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
293c7419343e6ed4440a63aca7e2e268718d9462547c4461b0840af433abd84b
-
Size
663KB
-
MD5
ea646b4237b247721cc397ff4062ac5d
-
SHA1
888eff0a049ec68e2ac2a601d3289cd96aba6e75
-
SHA256
293c7419343e6ed4440a63aca7e2e268718d9462547c4461b0840af433abd84b
-
SHA512
81777b9d0849b1d270ee625f7e3bf890ced25cac99145440f5672bf1f1be3a56cf1ce2edbac87cfb78dbcac099cae6f319587e84f8b96bbccdcf566f055fab21
-
SSDEEP
12288:NMr8y90X80AgZS7zwSDprl72vkEuZMrFm2qE70um62u8Xo:VycybfVrhKoaxm2qE70s2uN
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1