General
Target: b16c46cabcb6f0cb7405e9d3f73443cf492d6cdae7f79c09523ae42848ae1a1a
Size: 662KB
Sample: 241109-fyegssxpbw
MD5: dc383621d93bc65beccb8f3f07556e22
SHA1: 74ca929c085daac4dcbdac0dd4c96e56f3d3fe98
SHA256: b16c46cabcb6f0cb7405e9d3f73443cf492d6cdae7f79c09523ae42848ae1a1a
SHA512: 588a028562fe3bacb47b2e83734e7268b7c42a9720dff8af682b8d7d27a6f23b42bf6a649fb6d0ca266f74c418c01662994ed465d1786716827054da56b3b46f
SSDEEP: 12288:oMrsy907QW9fdJvBWLEifJyyJBp/2s3BaSgd2qjjdTHgT+vwyQzKx:UyfW9fzBWLyysBSgd2qjJTATpTzC
Static task: static1
Behavioral task: behavioral1
Sample: b16c46cabcb6f0cb7405e9d3f73443cf492d6cdae7f79c09523ae42848ae1a1a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: b16c46cabcb6f0cb7405e9d3f73443cf492d6cdae7f79c09523ae42848ae1a1a
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)