General
-
Target
2b56fa44372403c081956088a640ebf45ed9d18866cc247639002ad9706345c0
-
Size
697KB
-
Sample
241111-gvpn2axqcm
-
MD5
727df615151725e1d15d7821bf9b711c
-
SHA1
1e107d3936300efc2e5655a7b2c5e78c7d2e0cfe
-
SHA256
2b56fa44372403c081956088a640ebf45ed9d18866cc247639002ad9706345c0
-
SHA512
4be5cce574aeb012cd7449ace5b23a59002b5006e38a45670a872f844e91a81d2651758d151eebd0b3cad1bfb23d66a30146685ae2cc9d7ff0354f632906ce35
-
SSDEEP
12288:kMrfy90KjMSLE06ezEn88hG0TLXtClMXLXLI/rGd5gjIk5VbGFLt7lmq:DynXyNG0vgqXYyfaCFaq
Static task
static1
Behavioral task
behavioral1
Sample
2b56fa44372403c081956088a640ebf45ed9d18866cc247639002ad9706345c0.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
2b56fa44372403c081956088a640ebf45ed9d18866cc247639002ad9706345c0
-
Size
697KB
-
MD5
727df615151725e1d15d7821bf9b711c
-
SHA1
1e107d3936300efc2e5655a7b2c5e78c7d2e0cfe
-
SHA256
2b56fa44372403c081956088a640ebf45ed9d18866cc247639002ad9706345c0
-
SHA512
4be5cce574aeb012cd7449ace5b23a59002b5006e38a45670a872f844e91a81d2651758d151eebd0b3cad1bfb23d66a30146685ae2cc9d7ff0354f632906ce35
-
SSDEEP
12288:kMrfy90KjMSLE06ezEn88hG0TLXtClMXLXLI/rGd5gjIk5VbGFLt7lmq:DynXyNG0vgqXYyfaCFaq
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1