General
-
Target
5f4a816ff0f4e239a25bd99a34acf6c527c383de27547eea4836e4b384298ea5
-
Size
522KB
-
Sample
241111-hfr2aavglg
-
MD5
94ab6f0f68cd58baaa15a7c9dde04d63
-
SHA1
e052c4603b9ef0dda2bedcfd95ac2ad2f4d2e0fb
-
SHA256
5f4a816ff0f4e239a25bd99a34acf6c527c383de27547eea4836e4b384298ea5
-
SHA512
b0ffea1aea48eff355d0275cc1f849d98bed5c89ed19bf715a7583451dd1c38f825bb2f20ee4c63f8f1149b92564e8c37a42241708ee1b656c59d9957514b940
-
SSDEEP
6144:K+y+bnr+Np0yN90QErDmiTB21cgkrEaqxH/GmtIBXUqNssr/DniYHkzWYy0E82ER:6Mrhy905lgFI9UessrLiG87ME8vQqw
Static task
static1
Behavioral task
behavioral1
Sample
5f4a816ff0f4e239a25bd99a34acf6c527c383de27547eea4836e4b384298ea5.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
5f4a816ff0f4e239a25bd99a34acf6c527c383de27547eea4836e4b384298ea5
-
Size
522KB
-
MD5
94ab6f0f68cd58baaa15a7c9dde04d63
-
SHA1
e052c4603b9ef0dda2bedcfd95ac2ad2f4d2e0fb
-
SHA256
5f4a816ff0f4e239a25bd99a34acf6c527c383de27547eea4836e4b384298ea5
-
SHA512
b0ffea1aea48eff355d0275cc1f849d98bed5c89ed19bf715a7583451dd1c38f825bb2f20ee4c63f8f1149b92564e8c37a42241708ee1b656c59d9957514b940
-
SSDEEP
6144:K+y+bnr+Np0yN90QErDmiTB21cgkrEaqxH/GmtIBXUqNssr/DniYHkzWYy0E82ER:6Mrhy905lgFI9UessrLiG87ME8vQqw
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1