General
Target: e6e5e196fbfaa4a85202fb131d63cf1eb879917e3be9d414670d142190b16a6d
Size: 529KB
Sample: 241109-gs3swayhqk
MD5: 8db7077d73099a17b8ba7f6e9af7d018
SHA1: f25a67af6048634a77b163f4d9933c6a394c8f9d
SHA256: e6e5e196fbfaa4a85202fb131d63cf1eb879917e3be9d414670d142190b16a6d
SHA512: 8a38d3f3767fe84e7bd2caa4c1bcbc66f9b36697596d455d2b184e7a123d4f10789eb15f5bc957484bcdf183ebc3cfb461f60f6d72e678993856fc320f7a850e
SSDEEP: 12288:OMrey906CKGh2o2q7B6FFRueVtOyk4IenTnojj9NKGn:My1CKGMor7YFFowtBxXTnwKGn
Static task: static1
Behavioral task: behavioral1
Sample: e6e5e196fbfaa4a85202fb131d63cf1eb879917e3be9d414670d142190b16a6d.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)