General
Target: 2fe8c625782b5730f678e42930b5495c9c256d18cb5b4ef57422831eb30dac5f
Size: 660KB
Sample: 241109-y89d2a1hjk
MD5: 4d276b26a2e28b25a5ea4400b26f3523
SHA1: 14a6d5a3e1486d5fb2282da88d7c8b31af20f2a1
SHA256: 2fe8c625782b5730f678e42930b5495c9c256d18cb5b4ef57422831eb30dac5f
SHA512: 93570edf9ec226650931b01652c76d329f3765c6b915db361fb78586fbd6f5c2a753b64ab67328181708e967b34d15fb6bed45e41b299f160d1e5bcfae22a933
SSDEEP: 12288:IMrMy90N64KkGg96i2+MsNyTX2tXWiof5KRa/jm9UvVnEam9Cu:EyyK66i2+de2MjA+m9U9nEamcu
Static task: static1
Behavioral task: behavioral1
Sample: 2fe8c625782b5730f678e42930b5495c9c256d18cb5b4ef57422831eb30dac5f.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 2fe8c625782b5730f678e42930b5495c9c256d18cb5b4ef57422831eb30dac5f
Size: 660KB
MD5: 4d276b26a2e28b25a5ea4400b26f3523
SHA1: 14a6d5a3e1486d5fb2282da88d7c8b31af20f2a1
SHA256: 2fe8c625782b5730f678e42930b5495c9c256d18cb5b4ef57422831eb30dac5f
SHA512: 93570edf9ec226650931b01652c76d329f3765c6b915db361fb78586fbd6f5c2a753b64ab67328181708e967b34d15fb6bed45e41b299f160d1e5bcfae22a933
SSDEEP: 12288:IMrMy90N64KkGg96i2+MsNyTX2tXWiof5KRa/jm9UvVnEam9Cu:EyyK66i2+de2MjA+m9U9nEamcu
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
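As an added example, not part of this report or of the sandbox's own tooling, the Python below matches the indicators above (the sample hashes, the extracted RedLine C2 176.113.115.145:4125 and the Run-key persistence signature) against Sysmon-style events supplied as JSON lines. The event records are constructed for the example: file paths, the SID and the benign entries are hypothetical, while the field names (EventID, Image, Hashes, DestinationIp, DestinationPort, TargetObject, Details) follow Sysmon's schema for event IDs 1, 3 and 13. Stealer C2 addresses and build hashes rotate between campaigns, so the hash and C2 matches are point-in-time IOCs; the Run-key check catches the persistence behaviour regardless of which build was dropped.

```python
"""Added example: match this report's indicators against Sysmon-style events.

The event records in SAMPLE_LOG are constructed for illustration (hypothetical
paths, SID and benign entries); field names follow Sysmon's schema for
EventID 1 (process create), 3 (network connect) and 13 (registry value set).
"""
import json
import re

# Indicators taken from the report: file hashes and the extracted RedLine C2.
SAMPLE_MD5 = "4d276b26a2e28b25a5ea4400b26f3523"
SAMPLE_SHA256 = "2fe8c625782b5730f678e42930b5495c9c256d18cb5b4ef57422831eb30dac5f"
C2_HOST = "176.113.115.145"
C2_PORT = 4125

# Value writes under ...\CurrentVersion\Run or \RunOnce (the "Adds Run key" signature).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def parse_hashes(field):
    """Sysmon's Hashes field looks like 'MD5=..,SHA256=..'; return {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def match_event(ev):
    """Return the list of indicator hits for one event (empty when nothing matches)."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation: compare the image hashes with the report's
        hashes = parse_hashes(ev.get("Hashes", ""))
        if hashes.get("SHA256") == SAMPLE_SHA256 or hashes.get("MD5") == SAMPLE_MD5:
            hits.append("known sample executed: " + ev.get("Image", "?"))
    elif eid == 3:  # network connection: destination must match host and port
        if ev.get("DestinationIp") == C2_HOST and int(ev.get("DestinationPort", 0)) == C2_PORT:
            hits.append(f"connection to RedLine C2 {C2_HOST}:{C2_PORT} from " + ev.get("Image", "?"))
    elif eid == 13:  # registry value set: any write into a Run/RunOnce key
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append(f"Run key persistence: {target} = {ev.get('Details', '?')}")
    return hits


def scan(lines):
    """Run match_event over JSON-lines input; return [(line number, reason), ...]."""
    findings = []
    for n, line in enumerate(lines, 1):
        if line.strip():
            for reason in match_event(json.loads(line)):
                findings.append((n, reason))
    return findings


# Constructed event log (raw string so the JSON backslash escapes survive as written).
SAMPLE_LOG = r"""
{"EventID": 1, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe", "Hashes": "MD5=4D276B26A2E28B25A5EA4400B26F3523,SHA256=2FE8C625782B5730F678E42930B5495C9C256D18CB5B4EF57422831EB30DAC5F"}
{"EventID": 3, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe", "DestinationIp": "176.113.115.145", "DestinationPort": 4125}
{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\user\\AppData\\Roaming\\updater.exe"}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 443}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU\\a", "Details": "notepad"}
"""


def demo():
    """Scan the constructed log; the first three records hit, the last two do not."""
    return scan(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for n, reason in demo():
        print(f"line {n}: {reason}")
```

The Run-key regex deliberately requires the backslash after `Run`, so ordinary writes to `Explorer\RunMRU` (the last constructed record) do not fire; the port is normalised with `int()` because Sysmon exporters vary between numeric and string fields.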
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)