General

Target: de9819e0e36e8433957a62851be27657fc3e9092bd7814012a3bd7a3d812d922
Size: 674KB
Sample: 241109-xpqxxazfnn
MD5: 7593ac1fed1571b56f227fbd6a655564
SHA1: 7dd4a9cb30122e4a10acd2189ed5be8429f58c17
SHA256: de9819e0e36e8433957a62851be27657fc3e9092bd7814012a3bd7a3d812d922
SHA512: e18d4122f111630c5e8071670163b92b4529ee7625e2d7cbefed220eaa63d216aa5c5cc986217e3d38107e5292b5d774c531632806f53d7aecbef599816e1f32
SSDEEP: 12288:tMroy90msh/8vjW9eCm3PodWdPHMro3xZ9uHuXP42wHRyk57Xnd:1ykh0vq5p4dPHMc8242wR
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: de9819e0e36e8433957a62851be27657fc3e9092bd7814012a3bd7a3d812d922.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets

Target: de9819e0e36e8433957a62851be27657fc3e9092bd7814012a3bd7a3d812d922 (674KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
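The report gives three things a defender can act on: the sample's digests, the extracted C2 endpoint 176.113.115.145:4125, and the Run-key persistence behaviour. The script below is an added example, not part of the sandbox report or its tooling: it turns those IOCs into matching logic over JSON-lines endpoint events. The IOC values are copied from the report; the event records, host paths, SID and value name "updater" are constructed samples, since the report does not state the Run value the sample writes, so the Run-key check matches on the key path rather than on a value name.

```python
"""Match the IOCs from this RedLine report against endpoint events.

Added example, not from the report. IOC constants are copied from the
report; every event below is a CONSTRUCTED, Sysmon-like record, not
behaviour the sandbox recorded.
"""
import hashlib
import json
import re
from typing import Optional

# IOCs taken from the report.
C2_IP, C2_PORT = "176.113.115.145", 4125
SAMPLE_HASHES = {
    "md5": "7593ac1fed1571b56f227fbd6a655564",
    "sha1": "7dd4a9cb30122e4a10acd2189ed5be8429f58c17",
    "sha256": "de9819e0e36e8433957a62851be27657fc3e9092bd7814012a3bd7a3d812d922",
}

# ATT&CK T1547.001 autostart locations: any value written directly under
# ...\CurrentVersion\Run or \RunOnce in any hive (HKLM, HKCU, HKU\<SID>).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$",
    re.IGNORECASE,
)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, the algorithms the report lists."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def matches_sample(hashes: dict) -> bool:
    """True if any supplied digest equals the report's digest for that algorithm."""
    norm = {k.lower(): str(v).lower() for k, v in hashes.items()}
    return any(norm.get(alg) == digest for alg, digest in SAMPLE_HASHES.items())


def classify(event: dict) -> Optional[str]:
    """Label one event, or None if it matches nothing from the report."""
    kind = event.get("event")
    if kind == "network_connect":
        if event.get("dst_ip") == C2_IP:
            # Exact ip:port is the extracted config; the IP alone on another
            # port is still worth a look because C2 ports are rotated.
            if int(event.get("dst_port", 0)) == C2_PORT:
                return "redline_c2"
            return "c2_ip_other_port"
    elif kind == "registry_set":
        if RUN_KEY_RE.search(event.get("target", "")):
            return "run_key_persistence"
    elif kind == "file_create":
        if matches_sample(event.get("hashes", {})):
            return "known_sample_hash"
    return None


def scan(lines) -> list:
    """Parse JSON-lines events; return (line_no, label, event) for each hit."""
    hits = []
    for no, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        label = classify(ev)
        if label:
            hits.append((no, label, ev))
    return hits


# Constructed sample events (hypothetical user, SID, paths and value name).
SAMPLE_EVENTS = [
    {"event": "file_create", "image": r"C:\Users\user\Downloads\setup.exe",
     "hashes": {"sha256": SAMPLE_HASHES["sha256"]}},
    {"event": "registry_set",
     "target": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"event": "network_connect", "dst_ip": "176.113.115.145", "dst_port": 4125,
     "image": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"event": "network_connect", "dst_ip": "176.113.115.145", "dst_port": 443},
    {"event": "registry_set",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop"},
    {"event": "network_connect", "dst_ip": "93.184.216.34", "dst_port": 443},
]
SAMPLE_LOG = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for no, label, ev in scan(SAMPLE_LOG):
        print(f"line {no}: {label}: {ev}")
```

To use it on real data, export registry, network and file-create events from Sysmon or your EDR into these field names; the hash check only fires if the collector records digests, and the Run-key check deliberately ignores the value name because the report does not say which one the sample uses.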