General
- Target: 42fb7c372426740d446624dc0084f18f443f4b0ee9ec798288b53fd17a5ab622
- Size: 516KB
- Sample: 241110-bzcx5swkcx
- MD5: d4cc7d0dadcfb1fb0a21fa114592015c
- SHA1: 34280083301fac39fb10974b307a15380c5e2d96
- SHA256: 42fb7c372426740d446624dc0084f18f443f4b0ee9ec798288b53fd17a5ab622
- SHA512: b072e47d42cd8d706c06e17ccf176215fa79565e4b37e47581e64ed70f9b8c6c8257aa68463e51f42e8c99f22249ae5db9eaa54559b77225ebfb8f1d03d5b50a
- SSDEEP: 12288:AMr9y90nHAWaL8i04nioHGukmy3W/Ptvi9cn:tyo3NcOmymntvi9I
Static task: static1
Behavioral task: behavioral1
- Sample: 42fb7c372426740d446624dc0084f18f443f4b0ee9ec798288b53fd17a5ab622.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- rosto
- hueref.eu:4162
- auth_value: 07d81eba8cad42bbd0ae60042d48eac6
Targets
- Target: 42fb7c372426740d446624dc0084f18f443f4b0ee9ec798288b53fd17a5ab622
- Size: 516KB
- MD5: d4cc7d0dadcfb1fb0a21fa114592015c
- SHA1: 34280083301fac39fb10974b307a15380c5e2d96
- SHA256: 42fb7c372426740d446624dc0084f18f443f4b0ee9ec798288b53fd17a5ab622
- SHA512: b072e47d42cd8d706c06e17ccf176215fa79565e4b37e47581e64ed70f9b8c6c8257aa68463e51f42e8c99f22249ae5db9eaa54559b77225ebfb8f1d03d5b50a
- SSDEEP: 12288:AMr9y90nHAWaL8i04nioHGukmy3W/Ptvi9cn:tyo3NcOmymntvi9I
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)