General

Target: 1a0257c30d749e80a4a8d4545ac2c74d0f74c2d7c012813b83d89f924e3d53ea
Size: 538KB
Sample: 241109-gtccbasjfp
MD5: ec6d06c0c3128572c51d9cd366ff58b4
SHA1: fb67e4e0d5058edeeb5d3ad4ea3ce686a1e79ed8
SHA256: 1a0257c30d749e80a4a8d4545ac2c74d0f74c2d7c012813b83d89f924e3d53ea
SHA512: d315bf48186a312183c20375a72a3b123e121759fd939bf99d8a153c4093a42c5909be1440eec9b5fa9862ed715dafc8b258f5897ca82a998aa2c9effb6baeb9
SSDEEP: 12288:aMrky905/aw6hxN6OvNBrrxTRaSnjPNbjRn7x7xTC:myu/4hxAqfLaSjPN/Rn7TW
Static task: static1
Behavioral task: behavioral1
Sample: 1a0257c30d749e80a4a8d4545ac2c74d0f74c2d7c012813b83d89f924e3d53ea.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: redline
Botnet: rosto
C2: hueref.eu:4162
auth_value: 07d81eba8cad42bbd0ae60042d48eac6
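The hashes and the extracted C2 above are the indicators a responder actually sweeps for. The following script is an added example (not part of the sandbox report) that turns them into two checks: hashing a file with every algorithm the report lists so the result can be compared against the sample, and scanning connection-log lines for traffic to the RedLine C2 host and port. The log format is a hypothetical one constructed for the example, and the sample log lines are made up; the report gives the C2 only as a hostname, so the scan matches on the name (and its subdomains) rather than on an IP, which the page does not supply.

```python
"""Check files and connection logs against the RedLine IOCs on this page."""
import hashlib
import re
from typing import Iterable

# File hashes reported for the sample (copied from the report above).
IOC_HASHES = {
    "md5": "ec6d06c0c3128572c51d9cd366ff58b4",
    "sha1": "fb67e4e0d5058edeeb5d3ad4ea3ce686a1e79ed8",
    "sha256": "1a0257c30d749e80a4a8d4545ac2c74d0f74c2d7c012813b83d89f924e3d53ea",
    "sha512": (
        "d315bf48186a312183c20375a72a3b123e121759fd939bf99d8a153c4093a42c"
        "5909be1440eec9b5fa9862ed715dafc8b258f5897ca82a998aa2c9effb6baeb9"
    ),
}

# Extracted RedLine C2 (from the "Malware Config" block above).
C2_HOST = "hueref.eu"
C2_PORT = 4162

# Hypothetical connection-log format, constructed for this example:
#   <iso-timestamp> <src_ip>:<src_port> -> <dst_host>:<dst_port> <proto>
CONN_RE = re.compile(r"->\s+(?P<host>[^\s:]+):(?P<port>\d+)\b")


def file_hashes(data: bytes) -> dict[str, str]:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def matches_sample(data: bytes) -> list[str]:
    """Return the names of the report hashes that the bytes match.

    A sha256 match alone identifies the sample; returning the full list lets
    the caller see whether every algorithm agrees (a mismatch on one would
    indicate a transcription error in the IOC table).
    """
    computed = file_hashes(data)
    return [algo for algo, digest in IOC_HASHES.items() if computed[algo] == digest]


def is_c2_host(host: str) -> bool:
    """True for the C2 domain itself or any subdomain of it (case-insensitive)."""
    h = host.lower().rstrip(".")
    return h == C2_HOST or h.endswith("." + C2_HOST)


def find_c2_connections(lines: Iterable[str]) -> list[str]:
    """Return log lines whose destination is the RedLine C2 host and port."""
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if m and is_c2_host(m.group("host")) and int(m.group("port")) == C2_PORT:
            hits.append(line)
    return hits


# Constructed sample log lines (not taken from the report).
SAMPLE_LOG = [
    "2024-11-09T14:02:11Z 10.0.0.21:49812 -> hueref.eu:4162 TCP",
    "2024-11-09T14:02:12Z 10.0.0.21:49813 -> update.example.net:443 TCP",
    "2024-11-09T14:02:15Z 10.0.0.22:51000 -> HUEREF.EU.:4162 TCP",
    "2024-11-09T14:02:16Z 10.0.0.22:51001 -> hueref.eu:443 TCP",
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOG):
        print("C2 beacon:", hit)
    print("empty input matches:", matches_sample(b"") or "none")
```

Only the two lines that pair the C2 hostname with port 4162 are reported; the same host on 443 is left alone, since the report ties the C2 to one port and a wider match would need evidence the page does not give. Hostname matching is normalised for case and a trailing dot because resolver and proxy logs differ in how they record names.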
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Tactic: Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)