General
-
Target
11fea0c2360e9014835416aa712d1ebced210d3284188df2c36a1db31d766a85
-
Size
534KB
-
Sample
241109-xtzevasrdj
-
MD5
e8959889ad58bae6eb7da88fb4d51d69
-
SHA1
7188ade935156067c55b45486bd3d8f634963ddc
-
SHA256
11fea0c2360e9014835416aa712d1ebced210d3284188df2c36a1db31d766a85
-
SHA512
7bbb3fb357429bba3eda0c198f3f5435ec4fbd3b9dfd017c05c792f2fd485c7115741a656d56b77554f59595389694fabeee0ae8ba670d71e3b0dc3e6e144df0
-
SSDEEP
12288:eMrZy90/ukj833Bbvw9Z6HZkzabOWwj9fnA6Cr215WS:ryx33BbjkzSOPj9fira5WS
Static task
static1
Behavioral task
behavioral1
Sample
11fea0c2360e9014835416aa712d1ebced210d3284188df2c36a1db31d766a85.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
11fea0c2360e9014835416aa712d1ebced210d3284188df2c36a1db31d766a85
-
Size
534KB
-
MD5
e8959889ad58bae6eb7da88fb4d51d69
-
SHA1
7188ade935156067c55b45486bd3d8f634963ddc
-
SHA256
11fea0c2360e9014835416aa712d1ebced210d3284188df2c36a1db31d766a85
-
SHA512
7bbb3fb357429bba3eda0c198f3f5435ec4fbd3b9dfd017c05c792f2fd485c7115741a656d56b77554f59595389694fabeee0ae8ba670d71e3b0dc3e6e144df0
-
SSDEEP
12288:eMrZy90/ukj833Bbvw9Z6HZkzabOWwj9fnA6Cr215WS:ryx33BbjkzSOPj9fira5WS
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1