General

Target: 51539529136d333f3f7a6fd2a8fed7dda275c8ba3947d1f6de4ccf9a9703b5af
Size: 673KB
Sample: 241110-bnjasawfmd
MD5: 571db67bd3194e386e91bf06f82fe5e6
SHA1: 8dc3ad6d9700be97e32e45c32c1c76d4adef1810
SHA256: 51539529136d333f3f7a6fd2a8fed7dda275c8ba3947d1f6de4ccf9a9703b5af
SHA512: a3b56b0c2efe9b2e734c29293c2d5fefb73a97f8a8d827d243862833cc6484ec47461c0ae4bfc87d94e732756c2a8f01fe58aeaa5abc1db0e729b3ea969232ef
SSDEEP: 12288:FMrZy905JfI1kY4WHuBy+pNLodjejRHtPvbuW/o5WnnbGjs:EyS2n4WOc84ejFtPTuUlGjs
Static task: static1
Behavioral task: behavioral1
Sample: 51539529136d333f3f7a6fd2a8fed7dda275c8ba3947d1f6de4ccf9a9703b5af.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets

Target: 51539529136d333f3f7a6fd2a8fed7dda275c8ba3947d1f6de4ccf9a9703b5af
Size: 673KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)