General
-
Target
a6aa2791afe666d854348541cf2eb1c36dc4a2e7fe498cee28a6860289d050c6N
-
Size
517KB
-
Sample
241109-x6xrsa1ama
-
MD5
b42fa04c57b894e002b47d109e494ac0
-
SHA1
0a1ff5497047a2e2f641dcb6fb3317803b9347c1
-
SHA256
a6aa2791afe666d854348541cf2eb1c36dc4a2e7fe498cee28a6860289d050c6
-
SHA512
d8138261e1979e740f8528f1e71a2709ed348d0f5c4bf7387a789de8c4361ef74b41da5970012cb886fa5abe0a4e8feb05401a9e7fa8ebba4bc18b3e64ac2e00
-
SSDEEP
12288:NMrxy90crpn9e062gSyy86pgCPGmBKxO9+0xd4t+EUZxXKUV1e:AyR9DB86pg+rEEd4+EUzXLe
Static task
static1
Behavioral task
behavioral1
Sample
a6aa2791afe666d854348541cf2eb1c36dc4a2e7fe498cee28a6860289d050c6N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
a6aa2791afe666d854348541cf2eb1c36dc4a2e7fe498cee28a6860289d050c6N
-
Size
517KB
-
MD5
b42fa04c57b894e002b47d109e494ac0
-
SHA1
0a1ff5497047a2e2f641dcb6fb3317803b9347c1
-
SHA256
a6aa2791afe666d854348541cf2eb1c36dc4a2e7fe498cee28a6860289d050c6
-
SHA512
d8138261e1979e740f8528f1e71a2709ed348d0f5c4bf7387a789de8c4361ef74b41da5970012cb886fa5abe0a4e8feb05401a9e7fa8ebba4bc18b3e64ac2e00
-
SSDEEP
12288:NMrxy90crpn9e062gSyy86pgCPGmBKxO9+0xd4t+EUZxXKUV1e:AyR9DB86pg+rEEd4+EUzXLe
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1