General
Target: b2271d4659a6731d38a75b986663c45071dd9b5c5fa828bf77c304b2304115c9
Size: 660KB
Sample: 241111-hfhgvavdkn
MD5: 625474b2b99045dbe2bc8cf7f1be274a
SHA1: f2408e18fb6f3f2fe676931d6c1fabb419275455
SHA256: b2271d4659a6731d38a75b986663c45071dd9b5c5fa828bf77c304b2304115c9
SHA512: 414c96d45f2a82bcba3d06491cfcac151272ae5aabfd5c86877208218a980c56c27e6c9709c8863c2d8035e31f4029266530a2f3fdff80a20cf7020a0ce078cc
SSDEEP: 12288:2Mray90Thp3Sd8QztM+vMunTp1vdvxXN4bnwwgeivp4hVpMj:wy0pm8uCGMGfJRnuPej
Static task: static1
Behavioral task: behavioral1
Sample: b2271d4659a6731d38a75b986663c45071dd9b5c5fa828bf77c304b2304115c9.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
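The hashes and the extracted C2 above are the indicators a responder would take from this report. The following is an added example, not code from the sandbox report: it embeds those indicators as constants and checks whether a file on disk is exactly the reported sample (all four digests must agree, so a repacked build is rejected), whether two ssdeep signatures can be compared at all (block sizes must be equal or differ by a factor of two), and whether proxy or firewall log lines show traffic to the C2. The log lines and their `dst=ip:port` format are constructed for the demonstration.

```python
"""Check local files and proxy logs against the indicators extracted above.

Added example, not code from the sandbox report: the hashes, ssdeep signature
and C2 endpoint are copied from the report; the log lines are constructed.
"""
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "625474b2b99045dbe2bc8cf7f1be274a",
    "sha1": "f2408e18fb6f3f2fe676931d6c1fabb419275455",
    "sha256": "b2271d4659a6731d38a75b986663c45071dd9b5c5fa828bf77c304b2304115c9",
    "sha512": "414c96d45f2a82bcba3d06491cfcac151272ae5aabfd5c86877208218a980c56"
              "c27e6c9709c8863c2d8035e31f4029266530a2f3fdff80a20cf7020a0ce078cc",
}
SAMPLE_SSDEEP = "12288:2Mray90Thp3Sd8QztM+vMunTp1vdvxXN4bnwwgeivp4hVpMj:wy0pm8uCGMGfJRnuPej"
C2_HOST, C2_PORT = "176.113.115.145", 4125

# Constructed firewall/proxy log lines (hypothetical format: dst=ip:port).
LOG_LINES = [
    "2024-11-11T10:32:01Z src=10.0.0.5:51234 dst=176.113.115.145:4125 proto=tcp bytes=1842",
    "2024-11-11T10:32:02Z src=10.0.0.5:51235 dst=93.184.216.34:443 proto=tcp bytes=23001",
    "2024-11-11T10:32:05Z src=10.0.0.7:51240 dst=176.113.115.145:80 proto=tcp bytes=310",
]
DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def hash_chunks(chunks):
    """Feed byte chunks to all four digests at once; returns {name: hexdigest}."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data):
    return hash_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Stream a file through hash_chunks so large binaries are not read whole."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def is_reported_sample(digests):
    """True only when every digest agrees with the report; a single mismatch
    (for example a repacked build) is enough to reject the exact match."""
    return digests == SAMPLE_HASHES


def ssdeep_blocksize(sig):
    """ssdeep signatures are blocksize:hash1:hash2; the block size decides
    which other signatures a fuzzy comparison is meaningful against."""
    return int(sig.split(":", 1)[0])


def ssdeep_comparable(sig_a, sig_b):
    """ssdeep only compares signatures whose block sizes are equal or differ
    by exactly a factor of two; anything else scores 0 without comparison."""
    a, b = ssdeep_blocksize(sig_a), ssdeep_blocksize(sig_b)
    return a == b or a == 2 * b or b == 2 * a


def find_c2_hits(lines, require_port=True):
    """Return the log lines whose destination is the extracted C2. With
    require_port=False any traffic to the host is returned, which catches a
    C2 that has moved ports but also produces more false positives."""
    hits = []
    for line in lines:
        m = DST_RE.search(line)
        if not m or m.group(1) != C2_HOST:
            continue
        if require_port and int(m.group(2)) != C2_PORT:
            continue
        hits.append(line)
    return hits


if __name__ == "__main__":
    for line in find_c2_hits(LOG_LINES):
        print("C2 hit:", line)
    print("empty input is the sample:", is_reported_sample(hash_bytes(b"")))
```

Matching on the host alone (`require_port=False`) is the safer hunt when the C2 port may have rotated since the sandbox run; the exact `ip:port` match is what belongs in a blocking rule.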
Targets
Target: b2271d4659a6731d38a75b986663c45071dd9b5c5fa828bf77c304b2304115c9
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
RedLine family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
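The two persistence techniques above (a Run key written by the dropped EXE, and a Windows service) leave distinct registry and event-log traces. The following is an added example, not code from the sandbox report, showing detection logic that maps such traces back to these ATT&CK technique IDs. The records are constructed Sysmon Event ID 13 (registry value set) and System log Event ID 7045 (service installed) entries, already parsed into dicts; the image paths, service name and SID in them are hypothetical and not taken from the report.

```python
"""Map Windows persistence telemetry to the ATT&CK techniques listed above.

Added example, not from the sandbox report. EVENTS are constructed Sysmon
Event ID 13 and System log Event ID 7045 records; all paths are hypothetical.
"""
import re

RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)
SERVICE_IMAGE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
# Directories an unprivileged user can write to; a persistence entry pointing
# there deserves more attention than one pointing into C:\Windows.
USER_WRITABLE = re.compile(r"^c:\\(users|programdata)\\", re.I)

EVENTS = [  # constructed telemetry, not taken from the report
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\bits\Parameters\ServiceDll",
     "Details": r"%SystemRoot%\System32\qmgr.dll"},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\helpersvc\ImagePath",
     "Details": r"C:\ProgramData\helper\helper.exe"},
    {"EventID": 7045, "ServiceName": "helpersvc",
     "ImagePath": r"C:\ProgramData\helper\helper.exe", "StartType": "auto start"},
]


def classify(event):
    """Return (technique_id, technique_name, persisted_path) or None."""
    if event.get("EventID") == 13:
        target = event.get("TargetObject", "")
        if RUN_KEY.search(target):
            return ("T1547.001", "Registry Run Keys / Startup Folder", event.get("Details", ""))
        if SERVICE_IMAGE.search(target):
            return ("T1543.003", "Windows Service", event.get("Details", ""))
    elif event.get("EventID") == 7045:
        return ("T1543.003", "Windows Service", event.get("ImagePath", ""))
    return None


def detect_persistence(events):
    """One hit per matching record, with the writing process and a flag for
    payload paths in user-writable locations."""
    hits = []
    for ev in events:
        c = classify(ev)
        if c is None:
            continue
        tid, name, path = c
        hits.append({
            "technique": tid, "name": name, "path": path,
            "writer": ev.get("Image", "services.exe (7045)"),
            "suspicious_path": bool(USER_WRITABLE.match(path)),
        })
    return hits


def summarize(hits):
    """Count hits per technique, the same shape as the ATT&CK block above."""
    counts = {}
    for h in hits:
        counts[h["technique"]] = counts.get(h["technique"], 0) + 1
    return counts


if __name__ == "__main__":
    found = detect_persistence(EVENTS)
    for h in found:
        print(h["technique"], h["name"], h["path"], "suspicious" if h["suspicious_path"] else "")
    print(summarize(found))
```

Note that a service installed by the sample shows up twice here, once as the Sysmon registry write and once as the 7045 event, so the per-technique count is evidence volume rather than the number of distinct persistence mechanisms; correlate on the image path before reporting a count like the one in the ATT&CK block.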