General

Target: 59e62f07be7f334cc4e3189234b63107323067e00abefffd05b0bf68f26180ec
Size: 671KB
Sample: 241109-xr2r7azgjn
MD5: e327c30a1d4f9dae9fc0ac68fd2bdacf
SHA1: 9a3667fe108eb65e421c97c035f80b209ba71a50
SHA256: 59e62f07be7f334cc4e3189234b63107323067e00abefffd05b0bf68f26180ec
SHA512: d7ad9d2a62167f8b1f2bebfd29c143d54af09df333ed41f52bb6b69c03f2f8886e0f8a8f934d4f9ac21354edf3293af0fd0981d61a5b57a1d7a708a3948d018d
SSDEEP: 12288:IMrKy90e6wVLOua73ILEdTKrhbMPiag5Gz/ibH5BC3:Syb6GCutGCbMPdBjiC3
Static task: static1
Behavioral task: behavioral1
Sample: 59e62f07be7f334cc4e3189234b63107323067e00abefffd05b0bf68f26180ec.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets

Target: 59e62f07be7f334cc4e3189234b63107323067e00abefffd05b0bf68f26180ec
Size: 671KB
MD5: e327c30a1d4f9dae9fc0ac68fd2bdacf
SHA1: 9a3667fe108eb65e421c97c035f80b209ba71a50
SHA256: 59e62f07be7f334cc4e3189234b63107323067e00abefffd05b0bf68f26180ec
SHA512: d7ad9d2a62167f8b1f2bebfd29c143d54af09df333ed41f52bb6b69c03f2f8886e0f8a8f934d4f9ac21354edf3293af0fd0981d61a5b57a1d7a708a3948d018d
SSDEEP: 12288:IMrKy90e6wVLOua73ILEdTKrhbMPiag5Gz/ibH5BC3:Syb6GCutGCbMPdBjiC3
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
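The report above gives file hashes, a RedLine C2 endpoint and a Run-key persistence signature, but no way to act on them. The script below is an added example, not part of the sandbox report or of any vendor tooling: it copies the hash, C2 and auth_value strings from this page and checks them against constructed data. The firewall log format (`src=`/`dst=` key-value lines), the `.reg` export of `HKCU\...\Run`, the value names and file paths in it, and the "user-writable directory" heuristic are all assumptions made for illustration; the report does not state where the dropped EXE is written or what the Run value is called.

```python
"""Added example (not part of the sandbox report): match this report's indicators
against constructed firewall log lines and a constructed .reg export of the Run key.
Hash, C2 and auth_value strings are copied from the report; everything else is assumed."""
import hashlib
import re

# Indicators copied from the report above (RedLine config, botnet "rosn").
IOC = {
    "md5": "e327c30a1d4f9dae9fc0ac68fd2bdacf",
    "sha1": "9a3667fe108eb65e421c97c035f80b209ba71a50",
    "sha256": "59e62f07be7f334cc4e3189234b63107323067e00abefffd05b0bf68f26180ec",
    "c2_host": "176.113.115.145",
    "c2_port": 4125,
    "auth_value": "050a19e1db4d0024b0f23b37dcf961f4",  # listed for reference, not used below
}

# Constructed sample data (assumed format, not from the report): a firewall export and a
# .reg dump of the current user's Run key. Value names and paths are made up.
SAMPLE_FIREWALL_LOG = [
    "2024-11-09T12:00:01Z src=10.0.0.15:51022 dst=176.113.115.145:4125 proto=tcp action=allow",
    "2024-11-09T12:00:02Z src=10.0.0.15:51023 dst=192.0.2.10:443 proto=tcp action=allow",
    "2024-11-09T12:00:03Z src=10.0.0.16:51024 dst=176.113.115.145:80 proto=tcp action=deny",
]
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VendorAgent"="C:\\Program Files\\Vendor\\Agent.exe"
"Updater"="C:\\Users\\user\\AppData\\Local\\Temp\\59e62f07be7f334cc4e3189234b63107323067e00abefffd05b0bf68f26180ec.exe"
"""


def hash_bytes(data: bytes) -> dict:
    """Compute the digests the report lists so a local file can be compared to it."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hashes_match(digests: dict) -> bool:
    """True only when every listed digest matches; one mismatch means a different file."""
    return all(digests.get(name) == IOC[name] for name in ("md5", "sha1", "sha256"))


DST_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b")


def find_c2_connections(lines):
    """Return (line_no, port, port_matches_report) for each line whose destination is the
    C2 host. Host-only hits are kept: the same server on another port still deserves a look."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = DST_RE.search(line)
        if m and m.group("ip") == IOC["c2_host"]:
            port = int(m.group("port"))
            hits.append((line_no, port, port == IOC["c2_port"]))
    return hits


RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
}
# Heuristic (assumed): directories an unprivileged user can write to.
USER_WRITABLE = re.compile(r"\\(appdata|temp|programdata|users\\public)\\", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')


def suspicious_run_entries(reg_text: str):
    """Parse a .reg export and return (key, value_name, command) for Run entries that launch
    something from a user-writable directory. .reg files double every backslash; undo that."""
    current, found = None, []
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            continue
        if current not in RUN_KEYS:
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd").replace("\\\\", "\\")
        if USER_WRITABLE.search(cmd):
            found.append((current, m.group("name"), cmd))
    return found


def triage(lines, reg_text, file_bytes=None):
    """Run all three checks at once; hash_match is None when no file bytes are supplied."""
    return {
        "hash_match": hashes_match(hash_bytes(file_bytes)) if file_bytes is not None else None,
        "c2_hits": find_c2_connections(lines),
        "run_entries": suspicious_run_entries(reg_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FIREWALL_LOG, SAMPLE_REG_EXPORT, b"not the sample").items():
        print(key, value)
```

The path heuristic is a triage aid, not a verdict: legitimate software (OneDrive, Discord, many updaters) also registers Run values under AppData, so a flagged entry should be tied back to the file's hash before anyone calls it RedLine. The host-only C2 match is kept on purpose for the same reason: infrastructure is often reused on other ports.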
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 signature
- Create or Modify System Process (T1543): Windows Service (T1543.003), 1 signature