General
Target: baff9670c655cb55a101e4f6291bacdebb8641978cad3a52e5e6570ae6a06430
Size: 538KB
Sample: 241110-cg9d3awnfz
MD5: 6dbaeb87b55a5c6dcfb9096366af6f65
SHA1: f3a2b59458dff8c5d8623a374ce57c75498bdc89
SHA256: baff9670c655cb55a101e4f6291bacdebb8641978cad3a52e5e6570ae6a06430
SHA512: f0444f7b160e4176d0e29011ed4cf11adb23faa55cdd9f6505c0ff2bc90ec4c29bb81c9cb266d81ce593579e2d7e26f71b09a3fdcd3798c683fbd4ef4a8966ff
SSDEEP: 12288:aMrBy90Ikm8aWbfwbPHDR11Id0TBYzqbif6KAlu:/yFkTbDwbPHDRDQ0zbi5l
Static task: static1
Behavioral task: behavioral1
Sample: baff9670c655cb55a101e4f6291bacdebb8641978cad3a52e5e6570ae6a06430.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: baff9670c655cb55a101e4f6291bacdebb8641978cad3a52e5e6570ae6a06430
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
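The report gives three things a responder can hunt on: the sample's file hashes, the RedLine C2 endpoint from the extracted config, and the behaviours "Executes dropped EXE" and "Adds Run key to start application" (T1547.001). The block below is an added example, not sandbox output or RedLine code: it runs those indicators over Sysmon-style events (ID 1 process creation, 11 file create, 13 registry value set, 3 network connection). Only the hashes and the C2 come from the report; the events in SAMPLE_EVENTS, the paths, the SID and the dropped-file name are constructed for illustration.

```python
"""Match Sysmon-style events against the indicators in this report.

Added example, not part of the sandbox output. The events in SAMPLE_EVENTS are
CONSTRUCTED (paths, SID and the dropped-file name are invented); only the
hashes and the C2 endpoint are taken from the report.
"""
import re
from dataclasses import dataclass

# Indicators copied from the report.
SAMPLE_HASHES = {
    "MD5": "6dbaeb87b55a5c6dcfb9096366af6f65",
    "SHA1": "f3a2b59458dff8c5d8623a374ce57c75498bdc89",
    "SHA256": "baff9670c655cb55a101e4f6291bacdebb8641978cad3a52e5e6570ae6a06430",
}
C2 = ("176.113.115.145", 4125)  # RedLine C2 from the extracted config

# Autostart locations. Matched anywhere in the key path so the HKLM, HKCU and
# HKU\<SID> spellings are all covered (ATT&CK T1547.001 and T1543.003).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
SERVICE_KEY_RE = re.compile(r"\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)


@dataclass
class Finding:
    tag: str      # report signature name or ATT&CK technique ID
    detail: str


def parse_hashes(hash_field):
    """Parse Sysmon's 'MD5=..,SHA1=..,SHA256=..' Hashes field into a dict."""
    out = {}
    for part in hash_field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def scan(events):
    """Run the report's indicators over an ordered event stream.

    'tracked' holds the images of the sample and anything it spawned; only
    files written by a tracked process count as dropped, so a later process
    creation whose Image is one of them is the 'Executes dropped EXE'
    behaviour from the report rather than, say, a browser download.
    """
    findings, tracked, dropped = [], set(), set()
    for ev in events:
        eid, image = ev["EventID"], ev.get("Image", "")
        if eid == 1:  # process creation
            hashes = parse_hashes(ev.get("Hashes", ""))
            for algo, value in SAMPLE_HASHES.items():
                if hashes.get(algo) == value:
                    findings.append(Finding("RedLine sample", f"{algo} matches report: {image}"))
                    tracked.add(image.lower())
                    break
            if image.lower() in dropped:
                findings.append(Finding("Executes dropped EXE", f"{ev.get('ParentImage')} -> {image}"))
                tracked.add(image.lower())
        elif eid == 11 and image.lower() in tracked:  # file written by the sample tree
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 13:  # registry value set
            target = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                findings.append(Finding("T1547.001", f"Run key {target} = {ev.get('Details')}"))
            elif SERVICE_KEY_RE.search(target):
                findings.append(Finding("T1543.003", f"service ImagePath {target} = {ev.get('Details')}"))
        elif eid == 3:  # network connection
            if (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0))) == C2:
                findings.append(Finding("RedLine C2", f"{image} -> {C2[0]}:{C2[1]}"))
    return findings


# Constructed sample stream: the sample runs, drops a file (invented name),
# registers it under HKCU Run, the drop runs and calls back to the C2.
SAMPLE = r"C:\Users\user\Desktop\baff9670c655cb55a101e4f6291bacdebb8641978cad3a52e5e6570ae6a06430.exe"
DROP = r"C:\Users\user\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "MD5=6dbaeb87b55a5c6dcfb9096366af6f65,SHA256=baff9670c655cb55a101e4f6291bacdebb8641978cad3a52e5e6570ae6a06430"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROP},
    {"EventID": 13, "Image": SAMPLE, "Details": DROP,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\dropped"},
    {"EventID": 1, "Image": DROP, "ParentImage": SAMPLE, "Hashes": "MD5=00000000000000000000000000000000"},
    {"EventID": 3, "Image": DROP, "DestinationIp": "176.113.115.145", "DestinationPort": 4125},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe", "DestinationIp": "10.0.0.5", "DestinationPort": 443},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f.tag, "-", f.detail)
```

The hash match is exact, so a repacked build of the same stealer will not hit it; the Run-key, dropped-EXE and C2 checks are what carry over to other samples of the family, and the C2 check in particular should be fed from the current config rather than hard-coded once the endpoint rotates.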