General
Target: 010f82df02d1882b2c6eaf20b9e081acfaa6516b559136c7004334b7e21f932b
Size: 530KB
Sample: 241110-btlm4awgnf
MD5: e1379ba20a0c2a7ef945b2f41e4f8de8
SHA1: 02977836018040a671fb14412ae2da93a788dd16
SHA256: 010f82df02d1882b2c6eaf20b9e081acfaa6516b559136c7004334b7e21f932b
SHA512: cead85d3223ad16c001374188092bcd51a24f1ec161825ca09c3e919b1a569fa9be0dc674c06bc274842dd7cad2198f54d9b7cf29dd4c4610f9ff09067520bca
SSDEEP: 12288:1Mrey90+6INXaBA8ozfQEtXrnXFyCRYE8ZxtY3NgF8/D8fC:fyX6INXf8Af9pXnRYE8ztYK7K
Static task: static1
Behavioral task: behavioral1
Sample: 010f82df02d1882b2c6eaf20b9e081acfaa6516b559136c7004334b7e21f932b.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 010f82df02d1882b2c6eaf20b9e081acfaa6516b559136c7004334b7e21f932b
Size: 530KB
MD5: e1379ba20a0c2a7ef945b2f41e4f8de8
SHA1: 02977836018040a671fb14412ae2da93a788dd16
SHA256: 010f82df02d1882b2c6eaf20b9e081acfaa6516b559136c7004334b7e21f932b
SHA512: cead85d3223ad16c001374188092bcd51a24f1ec161825ca09c3e919b1a569fa9be0dc674c06bc274842dd7cad2198f54d9b7cf29dd4c4610f9ff09067520bca
SSDEEP: 12288:1Mrey90+6INXaBA8ozfQEtXrnXFyCRYE8ZxtY3NgF8/D8fC:fyX6INXf8Af9pXnRYE8ztYK7K
Signatures:
- Detects Healer an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)