General
-
Target
da82cb326dcab4f2d9c76a6ed7256737f07522b35cfed6378a47f4b49d049f15
-
Size
673KB
-
Sample
241110-bwrl5awhka
-
MD5
c97ce15e9e6f3f119f0303bfcec9cbcf
-
SHA1
d6eec48a2755d4201d529e22c282161a93bfa7bd
-
SHA256
da82cb326dcab4f2d9c76a6ed7256737f07522b35cfed6378a47f4b49d049f15
-
SHA512
3fada44c908e5bdf5f0e5f9b113e7c76213a55870422fae4bb3aaac2a0c3fc229b62b6f8518ef4c520fc9665a9b7dd5679169a78cc2669e4bb86c8757ebb667f
-
SSDEEP
12288:iMrMy90ic5xKyTUZhiPqVlRPruMFpDMuFR40Dc4R7uWp3SWIm26+qf:ayZbmYuMFpDvc4BuSIm26+S
Static task
static1
Behavioral task
behavioral1
Sample
da82cb326dcab4f2d9c76a6ed7256737f07522b35cfed6378a47f4b49d049f15.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
da82cb326dcab4f2d9c76a6ed7256737f07522b35cfed6378a47f4b49d049f15
-
Size
673KB
-
MD5
c97ce15e9e6f3f119f0303bfcec9cbcf
-
SHA1
d6eec48a2755d4201d529e22c282161a93bfa7bd
-
SHA256
da82cb326dcab4f2d9c76a6ed7256737f07522b35cfed6378a47f4b49d049f15
-
SHA512
3fada44c908e5bdf5f0e5f9b113e7c76213a55870422fae4bb3aaac2a0c3fc229b62b6f8518ef4c520fc9665a9b7dd5679169a78cc2669e4bb86c8757ebb667f
-
SSDEEP
12288:iMrMy90ic5xKyTUZhiPqVlRPruMFpDMuFR40Dc4R7uWp3SWIm26+qf:ayZbmYuMFpDvc4BuSIm26+S
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1