General
Target: 73ed6e7b0d3e990d75e130c5167ce86bc8b89563fda525939bf5d8c77bf3a7fd.exe
Size: 515KB
Sample: 241111-gjmqastgmn
MD5: 7b43db74cd4bef4fc16db5aef3f404bf
SHA1: 669f95f2d04c22e4f15ff84c8ffa958f7363b0ca
SHA256: 73ed6e7b0d3e990d75e130c5167ce86bc8b89563fda525939bf5d8c77bf3a7fd
SHA512: d159a41fbf793b2392d297eb15d0c935f1e996dc0a4e3d0eeffd71e86f681621f0571377f7e7c4a0252772eacc276277af5c6dd868cfefb594e90ed1502346c0
SSDEEP: 12288:KMrty900l8Y062giyy5w/jSC/K5l72Ui+EUZxx/WnWg:vymNeh/I23+EUzNg
Static task: static1
Behavioral task: behavioral1
Sample: 73ed6e7b0d3e990d75e130c5167ce86bc8b89563fda525939bf5d8c77bf3a7fd.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 73ed6e7b0d3e990d75e130c5167ce86bc8b89563fda525939bf5d8c77bf3a7fd.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)