General
-
Target
9d96632ad4ea5d918bc15120e33afa90dc576db08d3eeedac3879da46170e18c
-
Size
689KB
-
Sample
241111-brlkbaymcx
-
MD5
74aaead1c8dd7c6500cc558a72f69e7d
-
SHA1
ebd653a3d6fd37abd1467704bfa6748cafbd152e
-
SHA256
9d96632ad4ea5d918bc15120e33afa90dc576db08d3eeedac3879da46170e18c
-
SHA512
3abc3f5e462713cd873c36ed3ad028dd1117e78ede19de5b23da276de9e78631533b2ad7d843d48d308652aad8e31b9dc992ac69777ef6687981bcb11793a9a9
-
SSDEEP
12288:5Mruy90wdkETVrnXbp2yKmyt65hLu2usMSKI3VgS7vvmFnwfigRA5/H9T3Dt:vyMKkgfaTsLZ3VgwvinwagA/Hp5
Static task
static1
Behavioral task
behavioral1
Sample
9d96632ad4ea5d918bc15120e33afa90dc576db08d3eeedac3879da46170e18c.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
9d96632ad4ea5d918bc15120e33afa90dc576db08d3eeedac3879da46170e18c
-
Size
689KB
-
MD5
74aaead1c8dd7c6500cc558a72f69e7d
-
SHA1
ebd653a3d6fd37abd1467704bfa6748cafbd152e
-
SHA256
9d96632ad4ea5d918bc15120e33afa90dc576db08d3eeedac3879da46170e18c
-
SHA512
3abc3f5e462713cd873c36ed3ad028dd1117e78ede19de5b23da276de9e78631533b2ad7d843d48d308652aad8e31b9dc992ac69777ef6687981bcb11793a9a9
-
SSDEEP
12288:5Mruy90wdkETVrnXbp2yKmyt65hLu2usMSKI3VgS7vvmFnwfigRA5/H9T3Dt:vyMKkgfaTsLZ3VgwvinwagA/Hp5
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1