General
Target: 634a5e31a17bcf4814cbe3ddacec51b87a2039c747b3896df62dda0ab024d5a1
Size: 690KB
Sample: 241111-hsr7tavfjj
MD5: a5d3418351f9d08fdd9a9f1e0cc90674
SHA1: c026710bd5932c1577690dbca741e48acbc096ba
SHA256: 634a5e31a17bcf4814cbe3ddacec51b87a2039c747b3896df62dda0ab024d5a1
SHA512: 2506c84ff177336d409335938f9d400cbdf2288c5140465602f72de0f023fb36b8c35b862a37ef93feabd986b0971016cc5fc65328dc41a544e6a2b6c11684aa
SSDEEP: 12288:aMr0y90mRuttHQ88MnhIM95gTNN70tYJ9/7RN+hZNE3XJybYgQe07Ctl8L:Cyo88hIpN7ZJ9jRNsNE3MlQxAo
Static task: static1
Behavioral task: behavioral1
Sample: 634a5e31a17bcf4814cbe3ddacec51b87a2039c747b3896df62dda0ab024d5a1.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 634a5e31a17bcf4814cbe3ddacec51b87a2039c747b3896df62dda0ab024d5a1
Size: 690KB
MD5: a5d3418351f9d08fdd9a9f1e0cc90674
SHA1: c026710bd5932c1577690dbca741e48acbc096ba
SHA256: 634a5e31a17bcf4814cbe3ddacec51b87a2039c747b3896df62dda0ab024d5a1
SHA512: 2506c84ff177336d409335938f9d400cbdf2288c5140465602f72de0f023fb36b8c35b862a37ef93feabd986b0971016cc5fc65328dc41a544e6a2b6c11684aa
SSDEEP: 12288:aMr0y90mRuttHQ88MnhIM95gTNN70tYJ9/7RN+hZNE3XJybYgQe07Ctl8L:Cyo88hIpN7ZJ9jRNsNE3MlQxAo
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)