General
-
Target
0be1ae324b30c6fab509468df5b31d7e844d89cacd141afc98e138b5ac0489df
-
Size
659KB
-
Sample
241109-ftd1gaybpg
-
MD5
b0e0b04878906b432a1d801c3995dca4
-
SHA1
ce67621f5d0d5753f6a77ea3feb5a266a34ade41
-
SHA256
0be1ae324b30c6fab509468df5b31d7e844d89cacd141afc98e138b5ac0489df
-
SHA512
a6587f1caee7519da41f63ae8d4ce06c00a1c737182c1dca6358641a7557380b89625175c3d1cfeab709fe0143c13e6922de00b4a586c96e8be6d7bfd7b4e351
-
SSDEEP
12288:cMrwy90ADY+pFVdWLi803N7ZAsVYyiwjU10Df5KVa/ImAeTB0t7d:syDjpvw03N7ZACYsjU1QAFmAeT+X
Static task
static1
Behavioral task
behavioral1
Sample
0be1ae324b30c6fab509468df5b31d7e844d89cacd141afc98e138b5ac0489df.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
0be1ae324b30c6fab509468df5b31d7e844d89cacd141afc98e138b5ac0489df
-
Size
659KB
-
MD5
b0e0b04878906b432a1d801c3995dca4
-
SHA1
ce67621f5d0d5753f6a77ea3feb5a266a34ade41
-
SHA256
0be1ae324b30c6fab509468df5b31d7e844d89cacd141afc98e138b5ac0489df
-
SHA512
a6587f1caee7519da41f63ae8d4ce06c00a1c737182c1dca6358641a7557380b89625175c3d1cfeab709fe0143c13e6922de00b4a586c96e8be6d7bfd7b4e351
-
SSDEEP
12288:cMrwy90ADY+pFVdWLi803N7ZAsVYyiwjU10Df5KVa/ImAeTB0t7d:syDjpvw03N7ZACYsjU1QAFmAeT+X
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1