General
Target: 06177b47b05788247fb4b04f96d2e90441ce96d035833878cf7a92224e7f94cd
Size: 666KB
Sample: 241110-bl2pcawdrq
MD5: 3c56b031d94ad59d6cb0dc47479393d0
SHA1: ab2c3c07378fe34fec24693a078796259319cc47
SHA256: 06177b47b05788247fb4b04f96d2e90441ce96d035833878cf7a92224e7f94cd
SHA512: 7bf4a9a37470203bb8963831b42ed1b625540482ccf625400ae5f232f2d7790cbe8854148efe20be2db970912faab49a3f373cb31aafe4880bd8ecb22454269c
SSDEEP: 12288:pMrKy90Htjsz8sTsbWFa4QSbKHa6zN8Ao69jkzrU4kS/wMdyhcNz:rynz8aQZlHaoN8Ao6SzrWswM9t

Static task: static1
Behavioral task: behavioral1
Sample: 06177b47b05788247fb4b04f96d2e90441ce96d035833878cf7a92224e7f94cd.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 06177b47b05788247fb4b04f96d2e90441ce96d035833878cf7a92224e7f94cd
Size: 666KB
- Detects Healer, an antivirus-disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
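The extracted configuration (C2 176.113.115.145:4125, auth_value) and the behavioural signatures above (dropped EXE executed, Run key added) are the actionable indicators in this report. The following Python is an added example, not code from the report or from the sandbox: it turns those indicators into matching logic and runs it over constructed host and network telemetry. The key=value event format, the field names (event_type, target_object, dst_ip, dst_port, sha256, md5) and the SAMPLE_EVENTS lines are assumptions for illustration and do not correspond to a real Sysmon or EDR schema.

```python
"""Match the indicators from this report against host and network telemetry.

Added example, not code from the report or from the sandbox. The key=value
event format, the field names and SAMPLE_EVENTS are constructed for
illustration and do not correspond to a real Sysmon or EDR schema.
"""
import ipaddress
import re
from dataclasses import dataclass

# Indicators copied from the report: sample hashes and the extracted RedLine config.
SHA256 = "06177b47b05788247fb4b04f96d2e90441ce96d035833878cf7a92224e7f94cd"
MD5 = "3c56b031d94ad59d6cb0dc47479393d0"
C2_HOST, C2_PORT = "176.113.115.145", 4125
AUTH_VALUE = "050a19e1db4d0024b0f23b37dcf961f4"

# Autostart locations behind the "Adds Run key to start application" signature:
# HKCU/HKLM ...\CurrentVersion\Run and RunOnce, matched case-insensitively.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


@dataclass
class Hit:
    rule: str
    line: str


def parse_event(line: str) -> dict:
    """Parse one constructed 'key=value key="quoted value"' telemetry line."""
    return {m.group(1).lower(): m.group(2).strip('"')
            for m in re.finditer(r'(\w+)=("[^"]*"|\S+)', line)}


def _same_ip(a: str, b: str) -> bool:
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False


def match_event(line: str) -> list:
    """Return the Hits one telemetry line produces (empty list if benign)."""
    ev = parse_event(line)
    hits = []
    # The sample itself (or a dropped copy of it) being executed or written.
    hashes = {ev.get("sha256", "").lower(), ev.get("md5", "").lower()}
    if SHA256 in hashes or MD5 in hashes:
        hits.append(Hit("redline_sample_hash", line))
    # Outbound connection to the C2 from the config, on the configured port only.
    dst, port = ev.get("dst_ip"), ev.get("dst_port", "")
    if dst and port.isdigit() and int(port) == C2_PORT and _same_ip(dst, C2_HOST):
        hits.append(Hit("redline_c2_connection", line))
    # Persistence: a value written under a Run/RunOnce key.
    if ev.get("event_type") == "registry_set" and RUN_KEY_RE.search(ev.get("target_object", "")):
        hits.append(Hit("run_key_persistence", line))
    return hits


def match_strings(strings) -> list:
    """Flag config artefacts (C2 'host:port', auth_value) in a list of strings,
    e.g. the decoded strings a config extractor or a memory dump yields."""
    wanted = {f"{C2_HOST}:{C2_PORT}", AUTH_VALUE}
    return [s for s in strings if s in wanted]


def scan(lines) -> dict:
    """Count matches per rule over a batch of telemetry lines."""
    counts = {}
    for line in lines:
        for hit in match_event(line):
            counts[hit.rule] = counts.get(hit.rule, 0) + 1
    return counts


# Constructed telemetry: the sample running, a Run-key write, the C2 connection,
# and two benign events that must not match.
SAMPLE_EVENTS = [
    'event_type=process_create image="C:\\Users\\victim\\Downloads\\invoice.exe" '
    f'sha256={SHA256} md5={MD5}',
    'event_type=registry_set '
    'target_object="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchelper" '
    'details="C:\\Users\\victim\\AppData\\Roaming\\svchelper.exe"',
    'event_type=network_connect dst_ip=176.113.115.145 dst_port=4125 protocol=tcp',
    'event_type=network_connect dst_ip=93.184.216.34 dst_port=443 protocol=tcp',
    'event_type=registry_set '
    'target_object="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden" details=1',
]

if __name__ == "__main__":
    for rule, n in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{rule}: {n}")
    print(match_strings(["kernel32.dll", f"{C2_HOST}:{C2_PORT}", AUTH_VALUE]))
```

The C2 rule deliberately requires both the address and port 4125: RedLine operators reuse hosting, so an address-only match against this indicator ages badly, while the Run-key rule is behavioural and stays useful after the hashes and C2 are rotated.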
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1