General
-
Target
fd0158dfafc051a7fdbaac01161e408b1f37fe5c81f284765780bb6adc216d76
-
Size
537KB
-
Sample
241110-dzgx7s1qep
-
MD5
68aff4eefe0c8f2db496d27cae60cb22
-
SHA1
a37ad1eff96588b2c5434f3989bd88feb7a23fe0
-
SHA256
fd0158dfafc051a7fdbaac01161e408b1f37fe5c81f284765780bb6adc216d76
-
SHA512
5776c93be443aa952955bd6b6823d61ea29b3e82e2ad97c9ca11840d542a697837850e4a613421671d0028468e1bbda71cbb801091f8fae61066ed213f5b2ae5
-
SSDEEP
12288:zMrWy90heKcAfNVq29UM3HJwTeEB0g/O:5yAcAVT9dpwNBa
Static task
static1
Behavioral task
behavioral1
Sample
fd0158dfafc051a7fdbaac01161e408b1f37fe5c81f284765780bb6adc216d76.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
fd0158dfafc051a7fdbaac01161e408b1f37fe5c81f284765780bb6adc216d76
-
Size
537KB
-
MD5
68aff4eefe0c8f2db496d27cae60cb22
-
SHA1
a37ad1eff96588b2c5434f3989bd88feb7a23fe0
-
SHA256
fd0158dfafc051a7fdbaac01161e408b1f37fe5c81f284765780bb6adc216d76
-
SHA512
5776c93be443aa952955bd6b6823d61ea29b3e82e2ad97c9ca11840d542a697837850e4a613421671d0028468e1bbda71cbb801091f8fae61066ed213f5b2ae5
-
SSDEEP
12288:zMrWy90heKcAfNVq29UM3HJwTeEB0g/O:5yAcAVT9dpwNBa
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1