General
-
Target
1d8cde5d8a95f6976323585c7431115f5aea592327bf66e6ef4f9580bbe915ac
-
Size
531KB
-
Sample
241110-bttzgawjbx
-
MD5
721f0742e79b63bf4cfcb82a9ad4850d
-
SHA1
95084937cdb6bcee8f5326581acd15189d221827
-
SHA256
1d8cde5d8a95f6976323585c7431115f5aea592327bf66e6ef4f9580bbe915ac
-
SHA512
d510da5c49c91d6e25b8046934e834d2e71c538decff9a8115d496cd7068faaf1372f149f4cc90b28c4dea836751029208966b72be28100b8ef31f8ca308d665
-
SSDEEP
12288:vMrNy90LkZPuVwvlJQn+0znJIzBWqq/pmUyun:Oy9ZaC/Qn/zJoWp/pt9
Static task
static1
Behavioral task
behavioral1
Sample
1d8cde5d8a95f6976323585c7431115f5aea592327bf66e6ef4f9580bbe915ac.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosto
hueref.eu:4162
-
auth_value
07d81eba8cad42bbd0ae60042d48eac6
Targets
-
-
Target
1d8cde5d8a95f6976323585c7431115f5aea592327bf66e6ef4f9580bbe915ac
-
Size
531KB
-
MD5
721f0742e79b63bf4cfcb82a9ad4850d
-
SHA1
95084937cdb6bcee8f5326581acd15189d221827
-
SHA256
1d8cde5d8a95f6976323585c7431115f5aea592327bf66e6ef4f9580bbe915ac
-
SHA512
d510da5c49c91d6e25b8046934e834d2e71c538decff9a8115d496cd7068faaf1372f149f4cc90b28c4dea836751029208966b72be28100b8ef31f8ca308d665
-
SSDEEP
12288:vMrNy90LkZPuVwvlJQn+0znJIzBWqq/pmUyun:Oy9ZaC/Qn/zJoWp/pt9
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1