General
Target: e4c34b4df1124a454b63b6494934f95511e3816918e332733eaf576ac686b384
Size: 659KB
Sample: 241110-eaks8syhke
MD5: e3712475b34a023b2e82f610540deef9
SHA1: 67201dbc95df4e1e8ff04d75a122b0b7821a376a
SHA256: e4c34b4df1124a454b63b6494934f95511e3816918e332733eaf576ac686b384
SHA512: 9c4ad576fb6abd5caeda14601ca1aa49e1eded59b4e3e7b527b3db02420c008a0f7d727bdb61c297634abd9febd726c8d38902920a957d4e8d33ad2ea78328bf
SSDEEP: 12288:gMr0y90lML+e1kORgpcMeb0SqxGujQxx39eVBoHArc/ze7eu4NEX8unSL8:Eyx1kkUZ1XjIeVBoHCc7e7X4Nwxg8
Static task: static1
Behavioral task: behavioral1
Sample: e4c34b4df1124a454b63b6494934f95511e3816918e332733eaf576ac686b384.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosto
C2: hueref.eu:4162
auth_value: 07d81eba8cad42bbd0ae60042d48eac6
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)