General
- Target: 45b72d5db935dd78581fbc773a04a1321b266f40a9f5d30cd4ac13c292807976
- Size: 532KB
- Sample: 241109-xntx6ssqcr
- MD5: a04c579bc5492febe3897c44a38b8048
- SHA1: 6f25df42e4c833c04aedecd4c9e1175792fe6f0b
- SHA256: 45b72d5db935dd78581fbc773a04a1321b266f40a9f5d30cd4ac13c292807976
- SHA512: b3673543d73f2b4f2c732301a7f54e3bfbe972c70ef2411a2ca8f29536ccacfe13b0e0832b750af3c78188c8508eac6e9e00b62a24c9575773ad5138bbc703c3
- SSDEEP: 12288:MMr1y90gAha2rnX60kfvYRliaOiakpnS2QhSedLVElQ:ZyL0r60k3yRDAPVGQ

Static task: static1
Behavioral task: behavioral1
Sample: 45b72d5db935dd78581fbc773a04a1321b266f40a9f5d30cd4ac13c292807976.exe
Resource: win10v2004-20241007-en

Malware Config
Extracted
- redline
- rosto
- hueref.eu:4162
- auth_value: 07d81eba8cad42bbd0ae60042d48eac6
Targets
- Target: 45b72d5db935dd78581fbc773a04a1321b266f40a9f5d30cd4ac13c292807976
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application

MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)