General
Target: d938f3997858e8c77deac9c047864363545235a6346a8246672992b89b561459
Size: 522KB
Sample: 241110-aqrjhawakh
MD5: 478b690181fbde242c33a756f038aa84
SHA1: 07010290d31072a020bcbee14b558e50f28da995
SHA256: d938f3997858e8c77deac9c047864363545235a6346a8246672992b89b561459
SHA512: d13bd13192fb02f48a68954ba81e7e24d59dd5337518e3280295c2338dd6470dfff07c53a40f96bb25f89d422c883bd084cfd12c8e2837f0a85651731304220d
SSDEEP: 12288:gMrby90YNfztMFMxs8PMYCrUDkTh8a5mjfmQF:LyngYsA+3+mQF
Static task: static1
Behavioral task: behavioral1
Sample: d938f3997858e8c77deac9c047864363545235a6346a8246672992b89b561459.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: d938f3997858e8c77deac9c047864363545235a6346a8246672992b89b561459 (522KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
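The report yields three things a responder can act on directly: the sample's hashes, the extracted RedLine C2 endpoint 176.113.115.145:4125, and the Run-key persistence behavior. The Python below is an added example, not code from the sandbox report or from any RedLine analysis: it computes the same four digests the report lists over a file's bytes and compares them, and it scans a handful of constructed log lines for the C2 socket and for writes under the CurrentVersion\Run key. The log format (netflow-style "conn" lines with a dst=ip:port field, and Sysmon Event ID 13 registry events with a target= field) and the sample lines themselves are assumptions made for the demonstration.

```python
import hashlib
import re

# Indicators copied from the sandbox report above.
REPORT_HASHES = {
    "md5": "478b690181fbde242c33a756f038aa84",
    "sha1": "07010290d31072a020bcbee14b558e50f28da995",
    "sha256": "d938f3997858e8c77deac9c047864363545235a6346a8246672992b89b561459",
    "sha512": "d13bd13192fb02f48a68954ba81e7e24d59dd5337518e3280295c2338dd6470d"
              "fff07c53a40f96bb25f89d422c883bd084cfd12c8e2837f0a85651731304220d",
}
C2_HOST = "176.113.115.145"  # extracted RedLine config
C2_PORT = 4125

# Run key as it appears inside HKCU/HKU/HKLM registry paths (case-insensitive).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)
# "dst=ip:port" field of the assumed connection-log format used below.
DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, over a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report_sample(data: bytes) -> dict:
    """Per-algorithm comparison against the report's hashes; all True means it is this sample."""
    computed = hash_bytes(data)
    return {alg: computed[alg] == REPORT_HASHES[alg] for alg in REPORT_HASHES}


def scan_logs(lines) -> list:
    """Return (index, reason) for lines showing the report's C2 socket or a Run-key write."""
    hits = []
    for i, line in enumerate(lines):
        m = DST_RE.search(line)
        if m and m.group(1) == C2_HOST and int(m.group(2)) == C2_PORT:
            hits.append((i, "redline_c2"))
            continue
        # Sysmon Event ID 13 = registry value set; only the Run key path is of interest here.
        if " eid=13 " in line and RUN_KEY_RE.search(line):
            hits.append((i, "run_key_persistence"))
    return hits


# Constructed log lines for the demonstration; not taken from the sandbox report.
SAMPLE_LOGS = [
    "2024-11-10T12:01:03Z conn src=10.0.0.25:51322 dst=176.113.115.145:4125 proto=tcp",
    "2024-11-10T12:01:04Z conn src=10.0.0.25:51330 dst=93.184.216.34:443 proto=tcp",
    r"2024-11-10T12:01:05Z sysmon eid=13 image=C:\Users\u\AppData\Local\Temp\x.exe "
    r"target=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater "
    r"value=C:\Users\u\AppData\Roaming\svc.exe",
    r"2024-11-10T12:01:06Z sysmon eid=13 image=C:\Windows\explorer.exe "
    r"target=HKCU\Software\Classes\Local Settings\Foo value=1",
]

if __name__ == "__main__":
    print(matches_report_sample(b"not the sample"))
    for idx, reason in scan_logs(SAMPLE_LOGS):
        print(f"{reason}: {SAMPLE_LOGS[idx]}")
```

To check a file on disk, pass its contents (read in binary mode) to matches_report_sample; a partial match across algorithms would indicate a hash collision or a transcription error, so require all four. The Run-key check deliberately ignores the writing process, since the report only states that a Run key is added, not which image writes it.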