General
Target: 91b1f2defa00283007804cdd0cb25a3cb30d52e53e684d695381c0ddfb365e4c
Size: 536KB
Sample: 241110-dwswasycqm
MD5: 7cc7840a92f5287f455d037a428a3c12
SHA1: 4511b1f6ba45718b72ae8589204808d367e036ac
SHA256: 91b1f2defa00283007804cdd0cb25a3cb30d52e53e684d695381c0ddfb365e4c
SHA512: 54758c4509252d1c400366ca57026ac247e42c40e245d1cfe995c6e8f3398d9af86581a55482f883b0c6ceb37fe00d81c3966c4e0326f7c24c3cb1eab2646244
SSDEEP: 12288:oMrIy90Uo1Spi4DHeBiyNCz4DZ2LyIHY3nRS:wynHjTyNCi29HY3o
Static task: static1
Behavioral task: behavioral1
Sample: 91b1f2defa00283007804cdd0cb25a3cb30d52e53e684d695381c0ddfb365e4c.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 91b1f2defa00283007804cdd0cb25a3cb30d52e53e684d695381c0ddfb365e4c
Size: 536KB
MD5: 7cc7840a92f5287f455d037a428a3c12
SHA1: 4511b1f6ba45718b72ae8589204808d367e036ac
SHA256: 91b1f2defa00283007804cdd0cb25a3cb30d52e53e684d695381c0ddfb365e4c
SHA512: 54758c4509252d1c400366ca57026ac247e42c40e245d1cfe995c6e8f3398d9af86581a55482f883b0c6ceb37fe00d81c3966c4e0326f7c24c3cb1eab2646244
SSDEEP: 12288:oMrIy90Uo1Spi4DHeBiyNCz4DZ2LyIHY3nRS:wynHjTyNCi29HY3o
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)