General
Target: 33e8c4342843c8ec98beee3eae67dd93c47222be73fd9dd2355e0cb5b2eabbaa
Size: 678KB
Sample: 241109-fs3mfaxnb1
MD5: 6e4a450b1b7dbcfa44c24291ee9f5144
SHA1: f1a2827b0b0cd0aaeb3147d1bf9c00bbbcb904f7
SHA256: 33e8c4342843c8ec98beee3eae67dd93c47222be73fd9dd2355e0cb5b2eabbaa
SHA512: 2196f1a70a7f94f30848257ca51f7311945a8190c578ec9405a4fe2a0a1a3187655347d48dd4e6dbc3a1e679f69dbe74336554367327f31352d42b93e0552d24
SSDEEP: 12288:5Mrmy90hHkUEgMZtPH6OqaDFZnUvW0+44XKZQdAJtmEXken7Rxc7ljw1/:7y7rtNK+ZaZVbXflx+jw1/
Static task: static1
Behavioral task: behavioral1
Sample: 33e8c4342843c8ec98beee3eae67dd93c47222be73fd9dd2355e0cb5b2eabbaa.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 33e8c4342843c8ec98beee3eae67dd93c47222be73fd9dd2355e0cb5b2eabbaa
Size: 678KB
MD5: 6e4a450b1b7dbcfa44c24291ee9f5144
SHA1: f1a2827b0b0cd0aaeb3147d1bf9c00bbbcb904f7
SHA256: 33e8c4342843c8ec98beee3eae67dd93c47222be73fd9dd2355e0cb5b2eabbaa
SHA512: 2196f1a70a7f94f30848257ca51f7311945a8190c578ec9405a4fe2a0a1a3187655347d48dd4e6dbc3a1e679f69dbe74336554367327f31352d42b93e0552d24
SSDEEP: 12288:5Mrmy90hHkUEgMZtPH6OqaDFZnUvW0+44XKZQdAJtmEXken7Rxc7ljw1/:7y7rtNK+ZaZVbXflx+jw1/
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)