General
-
Target
011901ee22eac3555088469a7c2806ac96746eac05cb9d8f0c5aba83e396596e
-
Size
538KB
-
Sample
241109-x5ql3s1aka
-
MD5
927a0d979a2295f3be5e33b81ab6cc8a
-
SHA1
9d01a4a3f62e1c184e5c1e246cf78d0bd183a20e
-
SHA256
011901ee22eac3555088469a7c2806ac96746eac05cb9d8f0c5aba83e396596e
-
SHA512
4301630d5be18545dcf82e94fbfe0b8fec00f445b83f88823eb05476ae47061bdab6a6788e90967e05d7f7bff0168148ed42268a16376e6c01489bec00fa277c
-
SSDEEP
12288:4Mrby90giSpxtvc3T+vjgy2WbqhPaScjPN8RRBvw6nwk4tRin:DybLpxtw+vbbwaSYPNQRBvw6nwkign
Static task
static1
Behavioral task
behavioral1
Sample
011901ee22eac3555088469a7c2806ac96746eac05cb9d8f0c5aba83e396596e.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosto
hueref.eu:4162
-
auth_value
07d81eba8cad42bbd0ae60042d48eac6
Targets
-
-
Target
011901ee22eac3555088469a7c2806ac96746eac05cb9d8f0c5aba83e396596e
-
Size
538KB
-
MD5
927a0d979a2295f3be5e33b81ab6cc8a
-
SHA1
9d01a4a3f62e1c184e5c1e246cf78d0bd183a20e
-
SHA256
011901ee22eac3555088469a7c2806ac96746eac05cb9d8f0c5aba83e396596e
-
SHA512
4301630d5be18545dcf82e94fbfe0b8fec00f445b83f88823eb05476ae47061bdab6a6788e90967e05d7f7bff0168148ed42268a16376e6c01489bec00fa277c
-
SSDEEP
12288:4Mrby90giSpxtvc3T+vjgy2WbqhPaScjPN8RRBvw6nwk4tRin:DybLpxtw+vbbwaSYPNQRBvw6nwkign
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1