General
-
Target
34a18231f4a3ae47e7b188ee1618ac2160360cc81e115b9bae8a894c8a197196
-
Size
548KB
-
Sample
241110-bwdehawfnr
-
MD5
fb2970582d8f80d67da1ce73178363ee
-
SHA1
60c1708b06131009577b7d301cd48783128ace8d
-
SHA256
34a18231f4a3ae47e7b188ee1618ac2160360cc81e115b9bae8a894c8a197196
-
SHA512
e5643791d797dff35a152a18b5821a4b1f439db2b62b063f451f975ad8fd97d11ec5e514c955a4bdb2d4ae567d2bee00f630af1fc62993d3e8c9d8df850d93b4
-
SSDEEP
12288:2MrAy90O4wJHkMkmtrf4/hBZ9Pba7ygGuNnfE5C/IiXjGT:2yX46ATh3Na9GN5CHzGT
Static task
static1
Behavioral task
behavioral1
Sample
34a18231f4a3ae47e7b188ee1618ac2160360cc81e115b9bae8a894c8a197196.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rouch
193.56.146.11:4162
-
auth_value
1b1735bcfc122c708eae27ca352568de
Targets
-
-
Target
34a18231f4a3ae47e7b188ee1618ac2160360cc81e115b9bae8a894c8a197196
-
Size
548KB
-
MD5
fb2970582d8f80d67da1ce73178363ee
-
SHA1
60c1708b06131009577b7d301cd48783128ace8d
-
SHA256
34a18231f4a3ae47e7b188ee1618ac2160360cc81e115b9bae8a894c8a197196
-
SHA512
e5643791d797dff35a152a18b5821a4b1f439db2b62b063f451f975ad8fd97d11ec5e514c955a4bdb2d4ae567d2bee00f630af1fc62993d3e8c9d8df850d93b4
-
SSDEEP
12288:2MrAy90O4wJHkMkmtrf4/hBZ9Pba7ygGuNnfE5C/IiXjGT:2yX46ATh3Na9GN5CHzGT
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1