General
-
Target
ef0c022fd5684d2e861732f2c7fdbb3e64f2f41b8365231c404fb2fa5cbb169b
-
Size
689KB
-
Sample
241110-dwnlksxrax
-
MD5
2a95abd270f77aaa56c16941f7af6d10
-
SHA1
05568dd4e11223aeba8adac2b5fc4848e330b998
-
SHA256
ef0c022fd5684d2e861732f2c7fdbb3e64f2f41b8365231c404fb2fa5cbb169b
-
SHA512
13f08741f5cb7d453e22a74323174f0ea5362fe326ee396d59d0fbf343c2b2627c49f2dd90f3d14ca8993ee6d98bf332836cd7856278c5d4d7fbe9f5788467d7
-
SSDEEP
12288:uMrcy90jHX5lsKSPajXtzew9ZEVrtjH0Cy0sbri26z6hk85MKvW:uyDP4xew9ZEZtjUCypbO2y6B59O
Static task
static1
Behavioral task
behavioral1
Sample
ef0c022fd5684d2e861732f2c7fdbb3e64f2f41b8365231c404fb2fa5cbb169b.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
ef0c022fd5684d2e861732f2c7fdbb3e64f2f41b8365231c404fb2fa5cbb169b
-
Size
689KB
-
MD5
2a95abd270f77aaa56c16941f7af6d10
-
SHA1
05568dd4e11223aeba8adac2b5fc4848e330b998
-
SHA256
ef0c022fd5684d2e861732f2c7fdbb3e64f2f41b8365231c404fb2fa5cbb169b
-
SHA512
13f08741f5cb7d453e22a74323174f0ea5362fe326ee396d59d0fbf343c2b2627c49f2dd90f3d14ca8993ee6d98bf332836cd7856278c5d4d7fbe9f5788467d7
-
SSDEEP
12288:uMrcy90jHX5lsKSPajXtzew9ZEVrtjH0Cy0sbri26z6hk85MKvW:uyDP4xew9ZEZtjUCypbO2y6B59O
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1