General
- Target: 9fd4094014c87896b17d25156683597a8503c7feafebda449c0c2ea57f490436
- Size: 658KB
- Sample: 241110-b1pckazkam
- MD5: 5df6f93afdca1024c56539bd5952cef3
- SHA1: 347466577e5d68183ac375f6d754b2120830130b
- SHA256: 9fd4094014c87896b17d25156683597a8503c7feafebda449c0c2ea57f490436
- SHA512: 459ede848df1a574a48d72f0a25fd86ab96d4b387b161294c9777e22ddffaa06c659f6fd1a206af95267e69c90b438a938637f3996c37356d70cc98803283588
- SSDEEP: 12288:HMr6y90JGwJRIl9rhCzzn+IY65x30FhlRMolm2VHpxXQ:py8dHYRh4z+IYIx30FNm2VHpi
Static task: static1
Behavioral task: behavioral1
- Sample: 9fd4094014c87896b17d25156683597a8503c7feafebda449c0c2ea57f490436.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)