General
-
Target
03e6b7c64aee1ff49f611592e483b8ba1f95d774333850330a67ad1f41def421
-
Size
530KB
-
Sample
241109-x35cfstkal
-
MD5
a8c178c910f1bf4476a2dd708996aae5
-
SHA1
7b3aa3e2d485bcc4c47e4777b0c05d1db62f3128
-
SHA256
03e6b7c64aee1ff49f611592e483b8ba1f95d774333850330a67ad1f41def421
-
SHA512
bb976f720d40b2badd3256bdde3c27dc4694db0650dc7c94806c35f46d712c461394377983a338d19068d00e02c50a4516e1d53d32726aaf94bb422690bd1cb2
-
SSDEEP
12288:nMriy90J2POgcLU4pePlr37cQsy21L0gR2PbdG1+:ZyVvp4g3Hs7ag4O+
Static task
static1
Behavioral task
behavioral1
Sample
03e6b7c64aee1ff49f611592e483b8ba1f95d774333850330a67ad1f41def421.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosto
hueref.eu:4162
-
auth_value
07d81eba8cad42bbd0ae60042d48eac6
Targets
-
-
Target
03e6b7c64aee1ff49f611592e483b8ba1f95d774333850330a67ad1f41def421
-
Size
530KB
-
MD5
a8c178c910f1bf4476a2dd708996aae5
-
SHA1
7b3aa3e2d485bcc4c47e4777b0c05d1db62f3128
-
SHA256
03e6b7c64aee1ff49f611592e483b8ba1f95d774333850330a67ad1f41def421
-
SHA512
bb976f720d40b2badd3256bdde3c27dc4694db0650dc7c94806c35f46d712c461394377983a338d19068d00e02c50a4516e1d53d32726aaf94bb422690bd1cb2
-
SSDEEP
12288:nMriy90J2POgcLU4pePlr37cQsy21L0gR2PbdG1+:ZyVvp4g3Hs7ag4O+
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1