General
Target: 8d5a794500378fc82b2a9fcaeeb9e1d817d96e83823f1e98924d742f7c9c9146
Size: 531KB
Sample: 241109-y61n4s1gqc
MD5: dd918e46a0e8a386944af728a804cc26
SHA1: 4ad084ee5c7255140cf5061eb31fb3d0d21bd384
SHA256: 8d5a794500378fc82b2a9fcaeeb9e1d817d96e83823f1e98924d742f7c9c9146
SHA512: 430047e2b9ccc6353d83120a2085cbc0be66462aaeaea82bcbe9e429a26d68ebdc5948480b765be8d68961ce1815c7b1436018dac7af25d550e0317daf187f23
SSDEEP: 12288:SMrTy90BFBrWuYNy7klnwfocoprw4CyIa4sGxYbkl05l:RyC7Wuay7InMxIb4sTklO
Static task: static1
Behavioral task: behavioral1
Sample: 8d5a794500378fc82b2a9fcaeeb9e1d817d96e83823f1e98924d742f7c9c9146.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: rosto
C2: hueref.eu:4162
auth_value: 07d81eba8cad42bbd0ae60042d48eac6
Targets
Target: 8d5a794500378fc82b2a9fcaeeb9e1d817d96e83823f1e98924d742f7c9c9146
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
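The extracted config and the behavioural signatures above give a defender three things to hunt for: execution of the sample itself (by hash), the "Adds Run key to start application" persistence (T1547.001), and traffic to the RedLine C2 at hueref.eu:4162. The following is an added example and not part of the sandbox report: it runs simple detection rules over constructed Sysmon-style events (event 1 process creation, 13 registry value set, 22 DNS query, 3 network connection) using only the indicators on this page. The event dictionaries, file paths, the SID, the dropped-file name and the 203.0.113.10 address are constructed for the example, and the rule names are my own.

```python
import re

# Indicators copied from the report on this page.
SAMPLE_SHA256 = "8d5a794500378fc82b2a9fcaeeb9e1d817d96e83823f1e98924d742f7c9c9146"
C2_HOST = "hueref.eu"
C2_PORT = 4162

# ...\CurrentVersion\Run and RunOnce values, the locations behind T1547.001.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
# User-writable directories where a dropper usually writes its next stage.
DROP_DIR_RE = re.compile(
    r"\\(AppData\\(Local|Roaming)|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)


def sha256_from_hashes_field(hashes):
    """Sysmon formats Hashes as 'SHA256=...,MD5=...'; return the SHA256 lower-cased."""
    for part in hashes.split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return ""


def evaluate(events):
    """Return (rule, event_index) for every event matching an indicator or behaviour."""
    alerts = []
    looked_up_c2 = set()  # images that resolved the C2 hostname (event 22)
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 1:  # process creation
            if sha256_from_hashes_field(ev.get("Hashes", "")) == SAMPLE_SHA256:
                alerts.append(("known_sample_executed", i))
            elif DROP_DIR_RE.search(image):
                # "Executes dropped EXE": a binary running from a drop directory. Noisy alone; tune per estate.
                alerts.append(("dropped_exe_executed", i))
        elif eid == 13:  # registry value set
            if RUN_KEY_RE.search(ev.get("TargetObject", "")) and DROP_DIR_RE.search(ev.get("Details", "")):
                alerts.append(("run_key_persistence", i))
        elif eid == 22:  # DNS query
            if ev.get("QueryName", "").lower() == C2_HOST:
                looked_up_c2.add(image)
                alerts.append(("c2_dns_lookup", i))
        elif eid == 3:  # network connection
            host_hit = ev.get("DestinationHostname", "").lower() == C2_HOST
            # A bare port match is weak; require that the same image already resolved the C2 name.
            port_hit = ev.get("DestinationPort") == C2_PORT and image in looked_up_c2
            if host_hit or port_hit:
                alerts.append(("c2_connection", i))
    return alerts


# Constructed events for the example (paths, SID, dropped-file name and IP are made up).
DROPPED = r"C:\Users\analyst\AppData\Local\Temp\svchost.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\analyst\Downloads\sample.exe",
     "Hashes": "SHA256=" + SAMPLE_SHA256.upper() + ",MD5=dd918e46a0e8a386944af728a804cc26"},
    {"EventID": 13,  # legitimate vendor autostart: key matches, value data does not
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": DROPPED},
    {"EventID": 1, "Image": DROPPED, "Hashes": "SHA256=" + "0" * 64 + ",MD5=" + "0" * 32},
    {"EventID": 22, "Image": DROPPED, "QueryName": "hueref.eu"},
    {"EventID": 3, "Image": DROPPED, "DestinationIp": "203.0.113.10", "DestinationPort": 4162},
    {"EventID": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for rule, idx in evaluate(SAMPLE_EVENTS):
        print(f"[{rule}] event {idx}: {SAMPLE_EVENTS[idx]}")
```

The Run-key rule pairs the key location with a user-writable path in the value data, so a vendor autostart pointing into Program Files does not fire while the constructed Temp entry does. The connection rule only trusts port 4162 after the same image has queried hueref.eu, which mirrors what a sandbox run shows (a DNS lookup followed by a TCP connect to the resolved address); the hash is compared case-insensitively because Sysmon emits it in upper case.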