General
Target: 9cd492ab2f7af0cf98698b110d87fab6d6dca72a4fe1e9e7c7ec8cd5dfdb3752
Size: 536KB
Sample: 241110-b3abeswgpl
MD5: 8c5bc31110f153369d841d8c1db415d6
SHA1: 0042afb33eaad26f927c726c40176934183d44ee
SHA256: 9cd492ab2f7af0cf98698b110d87fab6d6dca72a4fe1e9e7c7ec8cd5dfdb3752
SHA512: 3d51deec1debd3e6422117612eab27060b44a9f04e7160af724d90813a652464fb0858a4060c2f27535a23e473432ea749175f857d9d975ff47d23f24036716a
SSDEEP: 12288:sMrpy90aOFcgvzSJh5c7aXikNCzM3GAAe/Qq:Ny3g6O7aJNCyAe/Qq
Static task: static1
Behavioral task: behavioral1
Sample: 9cd492ab2f7af0cf98698b110d87fab6d6dca72a4fe1e9e7c7ec8cd5dfdb3752.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)