General
Target: 75ce678ab6a4a5114789c31dede4217d9f99d0b2290e19454a7292c63ee64f07N.exe
Size: 528KB
Sample: 241111-hlblgsvhjf
MD5: 3d235b69ed6439baf181cf1c6fa1893c
SHA1: 8b4ccabb4ecf48e4741d24e63275f2e9294b993e
SHA256: f53653178dba5f08c4e79be3a3424815dee0e4f83fa08ec62f84cc61a8d6bf07
SHA512: 25d12fd8ecdd01e7704ed390207ecb7f3cf8c98a56317d884b46d0bb824bac45fe4708651aca4f064ee2de49c4a5343d2a6178c21cbf743b91589cd96803cb8d
SSDEEP: 12288:ZMrfy906kVVi3onfNodYU0tNS4Epy5BePNjlb572im:qyyVVij50DSEgPNpbZfm

Static task: static1
Behavioral task: behavioral1
Sample: 75ce678ab6a4a5114789c31dede4217d9f99d0b2290e19454a7292c63ee64f07N.exe
Resource: win10v2004-20241007-en

Malware Config
Extracted
Family: redline
Botnet: rosto
C2: hueref.eu:4162
auth_value: 07d81eba8cad42bbd0ae60042d48eac6
Targets
Target: 75ce678ab6a4a5114789c31dede4217d9f99d0b2290e19454a7292c63ee64f07N.exe
Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)