General
Target: 02500590b1b846152da7feda68ae5564986e3fdcf47f9a24dd71d91f938a8622
Size: 690KB
Sample: 241109-fy9b6sycql
MD5: 3e737116314e1191623cbe0dd76e7537
SHA1: 4ae5a2ef7e0af8b8293bf028c9b61a773ac01d86
SHA256: 02500590b1b846152da7feda68ae5564986e3fdcf47f9a24dd71d91f938a8622
SHA512: b963b73184e26d08c0f5cf8801df8ef27e516c5e499b993e431cd3c1f1854607f350085c1ba616c073bd5f46c189f86c7d0eef97d61f9cc131ffc1db40f32de0
SSDEEP: 12288:ZMrcy900E6uzvN+3Ypinh4kZIeWL+QVk3UG/T+Yn21MWC8qXENxFBSKGufpGM:RyIDN+3drWSCbG/Tzn21GNXENJi2px
Static task: static1
Behavioral task: behavioral1
Sample: 02500590b1b846152da7feda68ae5564986e3fdcf47f9a24dd71d91f938a8622.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)