General
-
Target
279947ab3fdd594b61a8ea93c1bab4ca5ca61f53481ba1db4e657da846405ca0
-
Size
658KB
-
Sample
241110-bmvx7ayqcr
-
MD5
dd2a3b251e8247f9aa2a9efa76a0f3ad
-
SHA1
1adc87d4b07c71e338b5cf406ef8fc9f47498385
-
SHA256
279947ab3fdd594b61a8ea93c1bab4ca5ca61f53481ba1db4e657da846405ca0
-
SHA512
9fa58c4bea674419cfcebfbfa8d1ebde04505531e0e03ac634595e5b323c8e9daa25a97fdf550c3f2a9734f1f1e2d8ec655abf8531244af8eda40908c468339a
-
SSDEEP
12288:YMrFy90sxt+Gb2FxJ+P9ohU9b9KUx5ZjpI046Rzgjiumvt9uF:9yrvV2F/ax5ZKkzEiuQuF
Static task
static1
Behavioral task
behavioral1
Sample
279947ab3fdd594b61a8ea93c1bab4ca5ca61f53481ba1db4e657da846405ca0.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
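The extracted config above gives a host:port pair that is directly actionable for hunting. The following is an added example (not part of the sandbox report, not RedLine code) that turns the config into network IOCs and matches them against Zeek-style JSON conn.log records; the log lines are constructed for illustration, and the `confidence` labels are this example's own convention.

```python
# Added example: build network IOCs from the extracted RedLine config and
# match them against Zeek conn.log (JSON) records.  The conn.log lines below
# are constructed for illustration; only the config values come from the report.
import json
from typing import Iterable

# Values copied from the "Malware Config" section of the report.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "rosn",
    "c2": ["176.113.115.145:4125"],
    "auth_value": "050a19e1db4d0024b0f23b37dcf961f4",
}


def c2_endpoints(config: dict) -> set:
    """Parse 'host:port' strings from an extracted config into (ip, port) pairs."""
    endpoints = set()
    for entry in config.get("c2", []):
        host, _, port = entry.rpartition(":")
        endpoints.add((host, int(port)))
    return endpoints


# Constructed Zeek conn.log records (json output format).  The second record is
# an exact C2 match; the third only shares the IP and is worth a look, not an alert.
SAMPLE_CONN_LOG = """
{"ts":1731240000.1,"uid":"C1","id.orig_h":"10.0.0.5","id.orig_p":51234,"id.resp_h":"93.184.216.34","id.resp_p":443,"proto":"tcp"}
{"ts":1731240005.2,"uid":"C2","id.orig_h":"10.0.0.5","id.orig_p":51240,"id.resp_h":"176.113.115.145","id.resp_p":4125,"proto":"tcp"}
{"ts":1731240009.9,"uid":"C3","id.orig_h":"10.0.0.7","id.orig_p":51301,"id.resp_h":"176.113.115.145","id.resp_p":80,"proto":"tcp"}
"""


def find_c2_connections(lines: Iterable[str], config: dict) -> list:
    """Return conn records whose responder matches a configured C2.

    An ip:port match is "high" confidence: RedLine talks to a fixed,
    non-standard port.  An IP-only match is "medium": the host may be
    shared or re-purposed, so it should be reviewed rather than alerted on.
    """
    wanted = c2_endpoints(config)
    wanted_ips = {ip for ip, _ in wanted}
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        dst = (rec["id.resp_h"], int(rec["id.resp_p"]))
        if dst in wanted:
            confidence = "high"
        elif dst[0] in wanted_ips:
            confidence = "medium"
        else:
            continue
        hits.append({
            "uid": rec["uid"],
            "src": rec["id.orig_h"],
            "dst": f"{dst[0]}:{dst[1]}",
            "family": config["family"],
            "botnet": config["botnet"],
            "confidence": confidence,
        })
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG.splitlines(), REDLINE_CONFIG):
        print(hit)
```

Feeding real conn.log output through `find_c2_connections` (one JSON object per line, as `zeek -e 'redef LogAscii::use_json=T'` writes it) is enough to sweep historical traffic for this build's C2; the botnet tag from the config is carried into each hit so results from several RedLine configs can be told apart.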
Targets
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
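The "Adds Run key to start application" signature maps to Registry Run Keys (T1547.001). On a suspect host the quickest offline check is to export the Run keys and look for entries whose image lives in a user-writable directory or borrows a system binary's name. The following is an added example (not from the report or the sample) that parses a `reg export` of the Run keys; the `.reg` text, value names and paths are constructed for illustration and are not the sample's actual persistence entry.

```python
# Added example: triage Run-key persistence (ATT&CK T1547.001) from a `.reg`
# export of HKCU/HKLM ...\CurrentVersion\Run.  The export below is constructed;
# its value names and paths are illustrative, not taken from the analysed sample.
import re

SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Local\\Temp\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"""

# Only Run / RunOnce keys under CurrentVersion are of interest here.
RUN_KEY = re.compile(r"^\[(HKEY_[A-Z_]+\\.*\\CurrentVersion\\Run(Once)?)\]$", re.IGNORECASE)
# A REG_SZ line in .reg syntax: "name"="data", with \" and \\ as escapes.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Directories an unprivileged user can write to; legitimate autostarts rarely live there.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData|Downloads)\\", re.IGNORECASE)
# Names that are only legitimate under %SystemRoot%.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\x -> x (covers \\\\ and \\")."""
    return re.sub(r"\\(.)", r"\1", s)


def _image_path(command: str) -> str:
    """Extract the executable path from a Run value (quoted or first token).
    Unquoted paths containing spaces are truncated at the first space; that is
    itself a misconfiguration worth noticing, so it is left as-is."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def parse_run_entries(reg_text: str) -> list:
    """Return {key, name, command} for every value under a Run/RunOnce key."""
    entries, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = RUN_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        if line.startswith("["):      # some other key: stop collecting
            key = None
            continue
        if key is None:
            continue
        v = VALUE.match(line)
        if v:
            entries.append({"key": key, "name": _unescape(v.group(1)),
                            "command": _unescape(v.group(2))})
    return entries


def triage_run_entries(reg_text: str) -> list:
    """Flag Run entries that look like dropped-payload persistence."""
    findings = []
    for entry in parse_run_entries(reg_text):
        path = _image_path(entry["command"])
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("image in user-writable directory")
        base = path.rsplit("\\", 1)[-1].lower()
        if base in SYSTEM_NAMES and "\\windows\\" not in path.lower():
            reasons.append(f"{base} outside the Windows directory")
        if reasons:
            findings.append({**entry, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_REG_EXPORT):
        print(f["key"], f["name"], f["path"], f["reasons"])
```

`reg export` writes UTF-16 with a BOM, so decode with `utf-16` before passing the text in; the parser deliberately ignores `hex(2):` (REG_EXPAND_SZ) values, which should be reviewed by hand if they appear under a Run key.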