General
-
Target
b0b89f413997e7ba9aff87064a0c20a6578b0d5f6c9d8424cf3daa63f61d1351
-
Size
705KB
-
Sample
241109-xvszfszgpj
-
MD5
9109b9c6f087185fadfb40daf2ae37ac
-
SHA1
f2d14f8d362c4c6ec2774a6b878004fb9ca5e989
-
SHA256
b0b89f413997e7ba9aff87064a0c20a6578b0d5f6c9d8424cf3daa63f61d1351
-
SHA512
ee89efc3c0ef5a3c2e2f642793ec1b02334ce4b9eba815ff8b804d1494134d3034a06682d3c243da198764477890d313cf46e162c0867b0be04a0fb848432480
-
SSDEEP
12288:wMr2y90bvuEVHSI18DhEIj7TJtecrwXYDwjSlu1HWYB3aoHpUT:WyEvpHRQJtec8ojeHHB3rUT
Static task
static1
Behavioral task
behavioral1
Sample
b0b89f413997e7ba9aff87064a0c20a6578b0d5f6c9d8424cf3daa63f61d1351.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
ronam
193.233.20.17:4139
-
auth_value
125421d19d14dd7fd211bc7f6d4aea6c
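The extracted config gives one network indicator (the C2 socket 193.233.20.17:4139) and the General section gives three file hashes. The following is an added example, not part of the sandbox report, showing how a detection engineer would turn those into a matcher over flattened telemetry. The log lines are constructed and the key=value layout and field names (ts, src, dst, proto, image, sha256) are assumptions; the indicator values themselves are copied from the report.

```python
"""Match host and network telemetry against the indicators in this report.

Added example, not part of the sandbox report. The log lines are constructed
to look like a flattened firewall/EDR export; the field names (ts, src, dst,
proto, image, sha256) are assumptions, as is the key=value layout.
"""
import ipaddress
import re
from dataclasses import dataclass

# Indicators copied from the report above.
C2_IP = "193.233.20.17"
C2_PORT = 4139
SAMPLE_HASHES = {
    "md5": "9109b9c6f087185fadfb40daf2ae37ac",
    "sha1": "f2d14f8d362c4c6ec2774a6b878004fb9ca5e989",
    "sha256": "b0b89f413997e7ba9aff87064a0c20a6578b0d5f6c9d8424cf3daa63f61d1351",
}
# auth_value identifies the RedLine build that produced this sample. It is a
# tag for grouping sandbox reports, not something to look for in telemetry.
AUTH_VALUE = "125421d19d14dd7fd211bc7f6d4aea6c"

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass(frozen=True)
class Hit:
    ts: str
    kind: str     # "c2_connection" or "known_hash"
    detail: str


def parse_kv(line):
    """Split a key=value line into a dict, dropping quotes around values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def split_host_port(dst):
    """Return (ip_address, port) for 'ip:port', or None for anything else.

    IPv6 destinations are written as [addr]:port; ip_address() rejects the
    bracketed form, so they fall through and are not matched here.
    """
    host, sep, port = dst.rpartition(":")
    if not sep or not port.isdigit():
        return None
    try:
        return ipaddress.ip_address(host), int(port)
    except ValueError:
        return None


def match_line(line):
    rec = parse_kv(line)
    ts = rec.get("ts", "?")
    hits = []
    # Network IOC: the exact IP:port pair from the extracted config. Matching
    # on the IP alone would be broader but would also catch unrelated services.
    hp = split_host_port(rec.get("dst", ""))
    if hp and hp[0] == ipaddress.ip_address(C2_IP) and hp[1] == C2_PORT:
        hits.append(Hit(ts, "c2_connection", f"{rec.get('src', '?')} -> {rec['dst']}"))
    # Host IOC: any of the three hashes, compared case-insensitively because
    # EDR exports disagree on digest casing.
    for algo, digest in SAMPLE_HASHES.items():
        if rec.get(algo, "").lower() == digest:
            hits.append(Hit(ts, "known_hash", f"{algo}={digest} image={rec.get('image', '?')}"))
    return hits


def scan(lines):
    return [hit for line in lines for hit in match_line(line)]


# Constructed telemetry: one C2 connection, one benign connection, one process
# start carrying the sample's SHA256 in upper case, one IPv6 flow to port 4139.
CONSTRUCTED_LOG = [
    'ts=2024-11-09T10:00:01Z src=10.0.0.5:51344 dst=193.233.20.17:4139 proto=tcp',
    'ts=2024-11-09T10:00:02Z src=10.0.0.5:51345 dst=203.0.113.10:443 proto=tcp',
    'ts=2024-11-09T10:00:03Z image="C:\\Users\\user\\AppData\\Roaming\\svc.exe" '
    'sha256=B0B89F413997E7BA9AFF87064A0C20A6578B0D5F6C9D8424CF3DAA63F61D1351',
    'ts=2024-11-09T10:00:04Z src=[2001:db8::1]:5000 dst=[2001:db8::2]:4139 proto=tcp',
]

if __name__ == "__main__":
    for hit in scan(CONSTRUCTED_LOG):
        print(hit.ts, hit.kind, hit.detail)
```

The matcher requires the full IP:port pair because RedLine panels are commonly hosted on shared infrastructure; a traffic match on the IP alone is a lead, not a detection. Hashes of the dropped and renamed copies will differ from the submitted file, so the hash check only catches the original artifact; behavioural detection of the Run-key write covers the rest.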
Targets
-
-
Target
b0b89f413997e7ba9aff87064a0c20a6578b0d5f6c9d8424cf3daa63f61d1351
-
Size
705KB
-
MD5
9109b9c6f087185fadfb40daf2ae37ac
-
SHA1
f2d14f8d362c4c6ec2774a6b878004fb9ca5e989
-
SHA256
b0b89f413997e7ba9aff87064a0c20a6578b0d5f6c9d8424cf3daa63f61d1351
-
SHA512
ee89efc3c0ef5a3c2e2f642793ec1b02334ce4b9eba815ff8b804d1494134d3034a06682d3c243da198764477890d313cf46e162c0867b0be04a0fb848432480
-
SSDEEP
12288:wMr2y90bvuEVHSI18DhEIj7TJtecrwXYDwjSlu1HWYB3aoHpUT:WyEvpHRQJtec8ojeHHB3rUT
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
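The "Adds Run key to start application" signature is the persistence mechanism a responder would verify on a suspected host. The block below is an added example, not part of the report, that triages a `.reg` export of the HKCU Run key and flags values whose executable sits in a user-writable directory, which is where a dropper running without admin rights has to persist. The report does not name the value or path this sample writes, so the registry export here is constructed, and the directory list and environment-variable table are assumptions.

```python
"""Triage of Run-key autostart entries (the "Adds Run key" behaviour above).

Added example; not part of the report. It parses a constructed .reg export
of HKCU\...\Run and flags values whose executable lives in a user-writable
location. The entries are made up; the report gives no value name or path.
"""
import re
from dataclasses import dataclass

RUN_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\.*\\CurrentVersion\\Run(Once)?)\]$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Directories any unprivileged user can write to (assumed list, extend as needed).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\")
# Minimal prefix expansion for variables that commonly appear in Run values (assumed).
ENV = {"%windir%": "C:\\Windows", "%systemroot%": "C:\\Windows", "%programdata%": "C:\\ProgramData"}


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    exe: str
    suspicious: bool


def unescape_reg(data):
    """.reg exports double every backslash and escape embedded quotes."""
    return data.replace("\\\\", "\\").replace('\\"', '"')


def executable_from_command(command):
    """Pull the executable path out of a Run value's command line."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        # Unquoted path that may contain spaces: grow the prefix until it ends in .exe.
        tokens = cmd.split()
        exe = tokens[0] if tokens else ""
        for i in range(1, len(tokens) + 1):
            candidate = " ".join(tokens[:i])
            if candidate.lower().endswith(".exe"):
                exe = candidate
                break
    for var, path in ENV.items():
        if exe.lower().startswith(var):
            exe = path + exe[len(var):]
    return exe


def triage_run_keys(reg_text):
    entries, current_key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith("["):
            current_key = None          # some other key; ignore its values
            continue
        v = VALUE_RE.match(line)
        if current_key and v:
            command = unescape_reg(v.group(2))
            exe = executable_from_command(command)
            suspicious = any(marker in exe.lower() for marker in USER_WRITABLE)
            entries.append(RunEntry(current_key, v.group(1), command, exe, suspicious))
    return entries


# Constructed export: a legitimate AppData-resident program, a bare dropper-style
# entry, a system binary via %windir%, and an unrelated key that must be ignored.
CONSTRUCTED_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"svc"="C:\\Users\\user\\AppData\\Roaming\\svc.exe"
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
"""

if __name__ == "__main__":
    for e in triage_run_keys(CONSTRUCTED_REG_EXPORT):
        print("SUSPECT" if e.suspicious else "ok     ", e.name, "->", e.exe)
```

The path heuristic is deliberately coarse: it flags the OneDrive entry as well, because legitimate per-user software also installs under AppData. It is a triage filter that shortens the list to hash or signature-verify, not a verdict; the hash comparison from the report's indicators is the step that follows.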
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1