General

Target: d3cf18bfea629d131c786987d3a6f28217456d323c1be465c7d2e3367a71a860
Size: 1.0MB
Sample: 241109-x39xyazkhz
MD5: ff6631e4c2c32e21dccf8cfa39d237a9
SHA1: 9e10d1be346a0273ed54b1508c8c7e8cdf1374f4
SHA256: d3cf18bfea629d131c786987d3a6f28217456d323c1be465c7d2e3367a71a860
SHA512: 80c2e75ab00d700dcec22310b76b9055b5cd3c259a68e35ea458b22d4a17ac9023582227e391bf7274ad0e6bdd44d89321c22bd8a2590cc19ebf17ecf79739e4
SSDEEP: 24576:KyVXUsgnwVfe2ngi1fsrSC/wIWGW27cKnhv94cy:RdVf/gM0+C/wIa+hv9T
Static task: static1
Behavioral task: behavioral1
Sample: d3cf18bfea629d131c786987d3a6f28217456d323c1be465c7d2e3367a71a860.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets

Target: d3cf18bfea629d131c786987d3a6f28217456d323c1be465c7d2e3367a71a860 (1.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547), 1 hit: Registry Run Keys / Startup Folder (T1547.001), 1 hit
- Create or Modify System Process (T1543), 1 hit: Windows Service (T1543.003), 1 hit
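The extracted RedLine configuration (C2 176.113.115.145:4125) and the "Adds Run key to start application" behaviour mapped to T1547.001 are the indicators a responder would take from this report into a hunt. The Python below is an added example, not part of the sandbox report and not code from the RedLine or Healer families: it runs Sysmon-style event records (event ID 1 process creation, 3 network connection, 13 registry value set) against the sample hashes, the reported C2 ip:port pair and a Run-key path pattern. The event records are constructed for illustration; widening the registry pattern to RunOnce and the Wow6432Node view is this example's assumption, since the report only states that a Run key was added.

```python
import re

# Indicators copied from the sandbox report above.
SAMPLE_SHA256 = "d3cf18bfea629d131c786987d3a6f28217456d323c1be465c7d2e3367a71a860"
SAMPLE_MD5 = "ff6631e4c2c32e21dccf8cfa39d237a9"
C2_IP = "176.113.115.145"
C2_PORT = 4125

# Autostart registry paths for the "Adds Run key" behaviour (ATT&CK T1547.001).
# Matches HKCU and HKLM hives, the Wow6432Node view and RunOnce; the widened
# coverage is this example's assumption, the report only says a Run key was added.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)


def parse_hashes(field):
    """Turn Sysmon's 'SHA256=...,MD5=...' Hashes field into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def check_event(ev):
    """Return a list of (label, detail) findings for one Sysmon-style event dict."""
    eid = ev.get("EventID")
    if eid == 1:  # process creation: match the sample by hash
        digests = parse_hashes(ev.get("Hashes", ""))
        if digests.get("SHA256") == SAMPLE_SHA256 or digests.get("MD5") == SAMPLE_MD5:
            return [("sample-execution", ev.get("Image", ""))]
    elif eid == 3:  # network connection: match the extracted C2 ip:port pair
        if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
            return [("c2-connection", f"{ev.get('Image', '')} -> {C2_IP}:{C2_PORT}")]
    elif eid == 13:  # registry value set: match autostart locations
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            return [("T1547.001", f"{target} = {ev.get('Details', '')}")]
    return []


def hunt(events):
    """Run every event through check_event and return the findings in event order."""
    findings = []
    for ev in events:
        findings.extend(check_event(ev))
    return findings


# Constructed events for illustration only; not telemetry from the sandbox run.
SAMPLE_PATH = r"C:\Users\user\AppData\Local\Temp\d3cf18bfea629d131c786987d3a6f28217456d323c1be465c7d2e3367a71a860.exe"
EVENTS = [
    {"EventID": 1, "Image": SAMPLE_PATH,
     "Hashes": f"SHA256={SAMPLE_SHA256.upper()},MD5={SAMPLE_MD5.upper()}"},
    {"EventID": 13, "Image": SAMPLE_PATH,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\Updater\updater.exe"},
    {"EventID": 3, "Image": SAMPLE_PATH,
     "DestinationIp": C2_IP, "DestinationPort": "4125"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": "443"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for label, detail in hunt(EVENTS):
        print(f"{label}: {detail}")
```

The C2 match keys on the ip:port pair rather than the port alone, since 4125 by itself carries no signal; the auth_value from the config is a field inside the RedLine binary and its traffic, not something visible in connection logs, so it is kept as a sample identifier and not matched here.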