General
- Target: 54472595e5d1dc5a72981da5bfb6750ea31ee37f17f8438e412b61cdec0e2ca8
- Size: 531KB
- Sample: 241111-glp87svcje
- MD5: ee833c9c36e44866e927c3cb63a2b506
- SHA1: 19b79e8324365211411bb8d3d4103da2374b4f2a
- SHA256: 54472595e5d1dc5a72981da5bfb6750ea31ee37f17f8438e412b61cdec0e2ca8
- SHA512: 411060d6a060439b380db677ce016e7baeccbaa4d8bcfa2a3782aa04e91a32f185be2d14d77ddae7dd7da18d36659bca4c94141fa4278ee47230b4fba9c17326
- SSDEEP: 12288:1Mrhy90X+GP4T5w6rV0ZnJIpBhqq/umB02XMY:wy8t4feZJ4hp/u00+MY
Static task: static1
Behavioral task: behavioral1
- Sample: 54472595e5d1dc5a72981da5bfb6750ea31ee37f17f8438e412b61cdec0e2ca8.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: rosto
- C2: hueref.eu:4162
- auth_value: 07d81eba8cad42bbd0ae60042d48eac6
Targets
- Target: 54472595e5d1dc5a72981da5bfb6750ea31ee37f17f8438e412b61cdec0e2ca8
- Size: 531KB
- MD5: ee833c9c36e44866e927c3cb63a2b506
- SHA1: 19b79e8324365211411bb8d3d4103da2374b4f2a
- SHA256: 54472595e5d1dc5a72981da5bfb6750ea31ee37f17f8438e412b61cdec0e2ca8
- SHA512: 411060d6a060439b380db677ce016e7baeccbaa4d8bcfa2a3782aa04e91a32f185be2d14d77ddae7dd7da18d36659bca4c94141fa4278ee47230b4fba9c17326
- SSDEEP: 12288:1Mrhy90X+GP4T5w6rV0ZnJIpBhqq/umB02XMY:wy8t4feZJ4hp/u00+MY
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)