General
- Target: 8eb0e51404f23083704d11cfaf3e2208aec0bc60222f9bbcfe7eb8282f0ebbb0
- Size: 676KB
- Sample: 241110-ejyrfszarg
- MD5: e77fa1db8bf5ecda1ec6d6580dd7df49
- SHA1: f296b100d1332510a2f06a755ad8aa917e4a4668
- SHA256: 8eb0e51404f23083704d11cfaf3e2208aec0bc60222f9bbcfe7eb8282f0ebbb0
- SHA512: c30fdca5f3e8ff9938a4122da5c8ee74a51ac0ed5646b8e43d9221fdcf38bc689bd07d53a97f8f19fa3820ca612dc14538db47148464948eafd125407c3946bb
- SSDEEP: 12288:VMrEy90WQI1big5v/WJutWSz9MbBAiFFZuCMQIS0bULleFEp3/uOtpK3enQ9k:Vy6I1bjt/WIR9MhuCMQISmUBey5GOu3s
Static task: static1
Behavioral task: behavioral1
- Sample: 8eb0e51404f23083704d11cfaf3e2208aec0bc60222f9bbcfe7eb8282f0ebbb0.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted:
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Target: 8eb0e51404f23083704d11cfaf3e2208aec0bc60222f9bbcfe7eb8282f0ebbb0
Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)