General
Target: f044c105d1886a865d4613aa65a47870242543101c33a6a70c6a3a71c6b548fe
Size: 1.2MB
Sample: 241110-echrnaskbj
MD5: 602d16b14aa77fa9c93e2b45d10bea08
SHA1: 12e2f4dc73cdce26440396c0e83dc04261e25d1e
SHA256: f044c105d1886a865d4613aa65a47870242543101c33a6a70c6a3a71c6b548fe
SHA512: aeb7ab7bacceeb3a4a0a8ef9f0c02afc65f705d57fc3b246df4c626b030d7d8b2c7e570797c238276329849efe0e7a025be25a6b43b92136f5789fc342992b8d
SSDEEP: 24576:zyvKz31aB50I1lo+1ANmHiyUy3hPqEAOnDSgaryBd:Gs3Mud+WQUydYwD
Static task: static1
Behavioral task: behavioral1
Sample: f044c105d1886a865d4613aa65a47870242543101c33a6a70c6a3a71c6b548fe.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rouch
C2: 193.56.146.11:4162
auth_value: 1b1735bcfc122c708eae27ca352568de
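The extracted configuration gives two network and file indicators a responder would sweep for immediately: the C2 endpoint 193.56.146.11:4162 and the sample's hashes. The following is an added example, not part of the sandbox report, that matches those indicators against log lines. The indicator values are copied from this page; the two log excerpts are constructed for illustration, and their layouts (a Zeek-style conn.log and a key=value EDR process log) are assumptions to adapt to real telemetry.

```python
"""Sweep logs for the indicators in this report (C2 endpoint and sample hashes).

Added example, not part of the sandbox report. The indicator values below are
copied from the report; the two log excerpts are CONSTRUCTED for illustration
and their layouts (a Zeek-style conn.log and a key=value EDR process log) are
assumptions, so adapt the parsers to your own telemetry.
"""
import re
from typing import Dict, List

# Indicators from the report above.
C2_HOST = "193.56.146.11"
C2_PORT = 4162
SAMPLE_HASHES = {
    "md5": "602d16b14aa77fa9c93e2b45d10bea08",
    "sha1": "12e2f4dc73cdce26440396c0e83dc04261e25d1e",
    "sha256": "f044c105d1886a865d4613aa65a47870242543101c33a6a70c6a3a71c6b548fe",
}

# Constructed Zeek-style conn.log excerpt (tab-separated):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
ZEEK_CONN = (
    "1731230001.123\tCa1b2c\t10.0.0.12\t51234\t193.56.146.11\t4162\ttcp\n"
    "1731230002.456\tCd3e4f\t10.0.0.12\t51235\t93.184.216.34\t443\ttcp\n"
    "1731230003.789\tCg5h6i\t10.0.0.40\t49152\t193.56.146.11\t80\ttcp\n"
)

# Constructed EDR process-start log excerpt (space-separated key=value pairs).
EDR_PROCESS = (
    r"host=WS01 image=C:\Users\a\Downloads\invoice.exe "
    r"sha256=F044C105D1886A865D4613AA65A47870242543101C33A6A70C6A3A71C6B548FE" "\n"
    r"host=WS02 image=C:\Windows\System32\svchost.exe "
    r"md5=00000000000000000000000000000000" "\n"
    r"host=WS03 image=C:\Users\b\AppData\Local\Temp\setup.exe "
    r"md5=602D16B14AA77FA9C93E2B45D10BEA08" "\n"
)

HASH_RE = re.compile(r"\b(md5|sha1|sha256)=([0-9a-fA-F]{32,64})")
HOST_RE = re.compile(r"\bhost=(\S+)")


def match_c2(conn_log: str) -> List[Dict[str, str]]:
    """Flag connections to the C2 host. Host plus port is high confidence; the
    host on another port is still worth a look (ports change, IPs less often)."""
    hits = []
    for line in conn_log.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h != C2_HOST:
            continue
        confidence = "high" if int(resp_p) == C2_PORT else "medium"
        hits.append({"uid": uid, "src": orig_h, "dst": f"{resp_h}:{resp_p}",
                     "confidence": confidence})
    return hits


def match_hashes(edr_log: str) -> List[Dict[str, str]]:
    """Flag process events whose hash (any algorithm the report lists) matches
    the sample. Digests are compared case-insensitively."""
    hits = []
    for line in edr_log.splitlines():
        host = HOST_RE.search(line)
        for algo, digest in HASH_RE.findall(line):
            if SAMPLE_HASHES.get(algo) == digest.lower():
                hits.append({"host": host.group(1) if host else "?",
                             "algo": algo, "hash": digest.lower()})
    return hits


if __name__ == "__main__":
    for hit in match_c2(ZEEK_CONN) + match_hashes(EDR_PROCESS):
        print(hit)
```

Matching on the host alone as a medium-confidence hit is deliberate: RedLine operators rotate ports more readily than addresses, and an otherwise unexplained connection to a known C2 address on port 80 is still worth triage.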
Targets
Target: f044c105d1886a865d4613aa65a47870242543101c33a6a70c6a3a71c6b548fe (same size and hashes as listed under General)
- Detects Healer, an antivirus-disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
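The behavioural signatures on this page ("Executes dropped EXE", "Adds Run key to start application") and the Persistence techniques they map to are what a detection engineer would turn into a rule. The following is an added example, not part of the sandbox report, that classifies Sysmon registry value-set events (Event ID 13) into the two sub-techniques listed here and flags the ones whose autorun target lives in a user-writable path, which is the dropper pattern this report describes. The event records are constructed, and the path heuristics are assumptions that generalise the single Run-key hit on this page to any autorun or service binary written from a user-writable location.

```python
"""Detect the persistence behaviours this report flags (Run key set by a dropped
EXE; service creation) from Sysmon registry events, mapped to ATT&CK.

Added example, not part of the sandbox report. The event records are
CONSTRUCTED and modelled on Sysmon Event ID 13 (RegistryEvent, value set); the
path heuristics are assumptions that generalise the single Run-key hit on this
page to any autorun written from a user-writable location.
"""
import re
from typing import Dict, List, Optional

# Autorun locations: HKLM/HKU ...\CurrentVersion\Run and RunOnce (T1547.001).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Service binary path under ...\CurrentControlSet\Services\<name>\ImagePath (T1543.003).
SERVICE_IMAGE_RE = re.compile(r"\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)
# Locations a dropper can write without admin rights, or that are world-writable.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData|Public)\\", re.IGNORECASE)

# Constructed Sysmon-style events (subset of Event ID 13 fields).
SYSMON_EVENTS: List[Dict[str, object]] = [
    {   # dropped EXE registering itself under the user's Run key
        "EventID": 13,
        "Image": r"C:\Users\a\AppData\Local\Temp\dropped.exe",
        "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
        "Details": r"C:\Users\a\AppData\Local\Temp\dropped.exe",
    },
    {   # legitimate installer adding its agent from Program Files
        "EventID": 13,
        "Image": r"C:\Program Files\Vendor\setup.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
        "Details": r"C:\Program Files\Vendor\agent.exe",
    },
    {   # new service whose binary lives in ProgramData
        "EventID": 13,
        "Image": r"C:\Windows\System32\services.exe",
        "TargetObject": r"HKLM\System\CurrentControlSet\Services\UpdSvc\ImagePath",
        "Details": r"C:\ProgramData\upd\svc.exe",
    },
    {   # unrelated process-create event, ignored
        "EventID": 1,
        "Image": r"C:\Windows\System32\notepad.exe",
        "TargetObject": "",
        "Details": "",
    },
]


def classify(event: Dict[str, object]) -> Optional[Dict[str, object]]:
    """Map a registry value-set event to an ATT&CK sub-technique and decide
    whether it looks like a dropper (binary in a user-writable path)."""
    if event.get("EventID") != 13:
        return None
    target = str(event.get("TargetObject", ""))
    details = str(event.get("Details", ""))
    image = str(event.get("Image", ""))
    if RUN_KEY_RE.search(target):
        technique = "T1547.001"
    elif SERVICE_IMAGE_RE.search(target):
        technique = "T1543.003"
    else:
        return None
    # The value written (Details) is the binary that will run at logon/boot;
    # the writing process (Image) matters when a dropper registers a sibling.
    suspicious = bool(USER_WRITABLE_RE.search(details) or USER_WRITABLE_RE.search(image))
    return {"technique": technique, "tactic": "Persistence", "image": image,
            "target": target, "value": details, "suspicious": suspicious}


def detect(events: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return only the classified events that look like dropper persistence."""
    results = []
    for event in events:
        verdict = classify(event)
        if verdict and verdict["suspicious"]:
            results.append(verdict)
    return results


if __name__ == "__main__":
    for hit in detect(SYSMON_EVENTS):
        print(hit["technique"], hit["image"], "->", hit["target"])
```

The benign installer event is classified as T1547.001 but not flagged, which is the point of the path heuristic: Run-key writes are common, so the rule keys on where the autorun binary lives rather than on the key alone. Tune USER_WRITABLE_RE to your estate; ProgramData in particular is noisy on some fleets.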