General

Target: 2ca65d3ff2ff9b97e621a5dd1c5b7ffb7e4021ce78b85cdb9da81a37382444d6
Size: 521KB
Sample: 241110-a53kbawbmj
MD5: 45b17a0b6307a6f94d7e829a52f2865a
SHA1: 2bd6cbea5732767d0b4fc41dc37d7a622323c2e7
SHA256: 2ca65d3ff2ff9b97e621a5dd1c5b7ffb7e4021ce78b85cdb9da81a37382444d6
SHA512: d51fbefabbe09adccafc4874e35d83f657d2ed23ecc107cb023081075d50f9208cdea292207cd05046aea2a76f5296a3c0e28d13f2e78414c87cbc53ca900aeb
SSDEEP: 12288:zMrvy90UHls0tZjE876YE40lmXmgbTOEGszsZJDi7X:oyq0njErKmwTOEGsY4
Static task: static1
Behavioral task: behavioral1
  Sample: 2ca65d3ff2ff9b97e621a5dd1c5b7ffb7e4021ce78b85cdb9da81a37382444d6.exe
  Resource: win10v2004-20241007-en
Malware Config

Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets

Target: 2ca65d3ff2ff9b97e621a5dd1c5b7ffb7e4021ce78b85cdb9da81a37382444d6
Size: 521KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the General section above)
Signatures

- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
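Added example, not part of the sandbox report and not code from any analysis tool: a small Python sweep that turns the indicators above (the file hashes, the extracted C2 176.113.115.145:4125, and the "Adds Run key to start application" signature) into three host/network checks an analyst can run against their own data. The EDR inventory records, the connection log lines, the `reg query` output and the path C:\Users\alice\AppData\Local\Temp\updater.exe are all constructed for illustration; the report does not name the path the dropped executable is written to.

```python
"""IOC sweep for the RedLine sample in this report (added example).

Cross-checks three inputs an analyst typically has at hand:
  1. an EDR file inventory (path + hashes) against the report's hashes,
  2. network connection logs against the extracted C2 (IP and port),
  3. `reg query` output for the Run keys against the inventory, so a
     Run-key entry is flagged only if its image is the known sample.
Only the hashes and the C2 come from the report; every record below
is constructed sample data.
"""
import re
from typing import Iterable

# Indicators copied from the report
IOC_HASHES = {
    "md5": "45b17a0b6307a6f94d7e829a52f2865a",
    "sha1": "2bd6cbea5732767d0b4fc41dc37d7a622323c2e7",
    "sha256": "2ca65d3ff2ff9b97e621a5dd1c5b7ffb7e4021ce78b85cdb9da81a37382444d6",
}
C2_IP, C2_PORT = "176.113.115.145", 4125

# Run keys covered by the "Adds Run key to start application" signature
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
)


def match_inventory(records: Iterable[dict]) -> list[str]:
    """Paths whose hash equals a report hash (any algorithm present, case-insensitive)."""
    hits = []
    for rec in records:
        for algo, value in IOC_HASHES.items():
            if rec.get(algo, "").lower() == value:
                hits.append(rec["path"])
                break
    return hits


_CONN_RE = re.compile(r"dst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")


def match_connections(lines: Iterable[str]) -> list[str]:
    """Log lines whose destination is the extracted C2; IP and port must both match,
    since the IP alone may host unrelated services on other ports."""
    hits = []
    for line in lines:
        m = _CONN_RE.search(line)
        if m and m["ip"] == C2_IP and int(m["port"]) == C2_PORT:
            hits.append(line)
    return hits


_VALUE_RE = re.compile(r"^\s{2,}(?P<name>\S+)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+?)\s*$")


def parse_run_keys(reg_output: str) -> list[tuple[str, str, str]]:
    """Parse `reg query <key>` output into (key, value name, image path).
    The image is the quoted path, or the first token if unquoted; arguments are dropped."""
    entries, current_key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            current_key = line.strip()
            continue
        m = _VALUE_RE.match(line)
        if m and current_key in RUN_KEYS:
            data = m["data"]
            image = data[1:data.index('"', 1)] if data.startswith('"') else data.split()[0]
            entries.append((current_key, m["name"], image))
    return entries


def suspicious_run_entries(reg_output: str, records: Iterable[dict]) -> list[tuple[str, str, str]]:
    """Run-key entries whose image hashes to the report's sample according to the inventory."""
    known = {p.lower() for p in match_inventory(records)}
    return [e for e in parse_run_keys(reg_output) if e[2].lower() in known]


# Constructed sample data (not from the report): a benign binary plus the
# sample under an assumed path, one C2 hit, one same-IP/other-port miss.
SAMPLE_INVENTORY = [
    {"path": r"C:\Windows\System32\notepad.exe", "sha256": "0" * 64},
    {"path": r"C:\Users\alice\AppData\Local\Temp\updater.exe", "sha256": IOC_HASHES["sha256"]},
]
SAMPLE_CONN_LOG = [
    "2024-11-10T08:12:03Z src=10.0.0.15:51234 dst=176.113.115.145:4125 proto=tcp",
    "2024-11-10T08:12:04Z src=10.0.0.15:51235 dst=176.113.115.145:443 proto=tcp",
    "2024-11-10T08:12:05Z src=10.0.0.15:51236 dst=142.250.74.46:443 proto=tcp",
]
SAMPLE_REG_OUTPUT = "\n".join([
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r'    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r"    Updater    REG_SZ    C:\Users\alice\AppData\Local\Temp\updater.exe",
    "",
])

if __name__ == "__main__":
    print("hash hits:", match_inventory(SAMPLE_INVENTORY))
    print("C2 hits:", match_connections(SAMPLE_CONN_LOG))
    print("run-key hits:", suspicious_run_entries(SAMPLE_REG_OUTPUT, SAMPLE_INVENTORY))
```

Hash matching catches only this exact build; the SSDEEP value in the report is the indicator to use for near-duplicates of the same packer output, and the C2 check is deliberately strict on the port so that a shared IP does not flood the result set.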