General
-
Target
c786f987716c2d2a459108b59d43b1abc2b0f13fc3fdc3ea57cf34d6fa9674d8
-
Size
549KB
-
Sample
241109-zce1zs1hqf
-
MD5
7f6005bed0e9651a48b22a7113078da0
-
SHA1
4989fdb09699a686756fed67cb257b4041c8d032
-
SHA256
c786f987716c2d2a459108b59d43b1abc2b0f13fc3fdc3ea57cf34d6fa9674d8
-
SHA512
0d4da37bbb6838a6fc4230b24c005cc3578cd63e44dc29336a9ccc18a7fa93656344fb960799dd59ce8a5e85fce77f668650f25eca26ac1e3afd138cf99390bd
-
SSDEEP
12288:nMrry90k44sZGMVqAUsaWwR/xcbGtRdcYPUn:wyX44sHNaWwR/zSYPUn
Static task
static1
Behavioral task
behavioral1
Sample
c786f987716c2d2a459108b59d43b1abc2b0f13fc3fdc3ea57cf34d6fa9674d8.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rouch
193.56.146.11:4162
-
auth_value
1b1735bcfc122c708eae27ca352568de
Targets
-
-
Target
c786f987716c2d2a459108b59d43b1abc2b0f13fc3fdc3ea57cf34d6fa9674d8
-
Size
549KB
-
MD5
7f6005bed0e9651a48b22a7113078da0
-
SHA1
4989fdb09699a686756fed67cb257b4041c8d032
-
SHA256
c786f987716c2d2a459108b59d43b1abc2b0f13fc3fdc3ea57cf34d6fa9674d8
-
SHA512
0d4da37bbb6838a6fc4230b24c005cc3578cd63e44dc29336a9ccc18a7fa93656344fb960799dd59ce8a5e85fce77f668650f25eca26ac1e3afd138cf99390bd
-
SSDEEP
12288:nMrry90k44sZGMVqAUsaWwR/xcbGtRdcYPUn:wyX44sHNaWwR/zSYPUn
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1