General
-
Target
a450ff04738b7f724773521dc5d2438b34c59f84bdefc635b19fb4f44a5bb9ed
-
Size
683KB
-
Sample
241109-y1mv3a1fkj
-
MD5
d50da7e96004ec74573f2b97bd1318ef
-
SHA1
966d13a6aa7e6a0a1639c9fe82da11b7face1482
-
SHA256
a450ff04738b7f724773521dc5d2438b34c59f84bdefc635b19fb4f44a5bb9ed
-
SHA512
33316ee43c4a886ff8735fc38fcb9315a405c3182030c9c63c22c7b8ab0fe29e1fc655f0a17d8bf7feadd621ca62b40b7f295a0549329f5bed261f6e44b75d25
-
SSDEEP
12288:GMrmy90+E3LdOenoSEPIFchr2WG5do0RXOtO8+pCZYkS4YW2lBN:8yM3JOenoSEOm5Gno0OtrqvklCN
Static task
static1
Behavioral task
behavioral1
Sample
a450ff04738b7f724773521dc5d2438b34c59f84bdefc635b19fb4f44a5bb9ed.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)