General
Target: 7d4d80dce106bdb0a55fdc01618de918682c78e89841ef1fad8e6f0d8c42de8c
Size: 530KB
Sample: 241110-bt764ayrer
MD5: c6e426228b3ca9d72d0f84ef02c338db
SHA1: 33d5757e41bb5be6af91d4ab908d43f96a51210a
SHA256: 7d4d80dce106bdb0a55fdc01618de918682c78e89841ef1fad8e6f0d8c42de8c
SHA512: b01cd717fe6d6aafb3e4454c61bed6669dd05d3981cb5dd21dafec471ea62d42652fcacb7af4a2c7014f83baec95ad02e78a2eb3322d8a94d424d4375993b99d
SSDEEP: 12288:7MrWy90HmWAq+FV8gHERp9tAsc0lI0BZ+te5p0qYik1:dy1bomEhcw5Bn8
Static task: static1
Behavioral task: behavioral1
Sample: 7d4d80dce106bdb0a55fdc01618de918682c78e89841ef1fad8e6f0d8c42de8c.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 7d4d80dce106bdb0a55fdc01618de918682c78e89841ef1fad8e6f0d8c42de8c
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)