General
Target: 056a850b2ae5c553667ce5404ca481562dc4c1341f397f7126df44c01b1e7f84
Size: 549KB
Sample: 241112-xze86ayhrb
MD5: 7c78c2716ed117d6547dafa5aa23750a
SHA1: af74b34ebb5239547d5f0eddc44698ea0b45051e
SHA256: 056a850b2ae5c553667ce5404ca481562dc4c1341f397f7126df44c01b1e7f84
SHA512: f846723a905a77be59a1e98dd3353ea98a6e8bc6e23dfafbff9e2c60091148e04640fa55dca983e8660ace5149c060ea99c689e7a1ca73d12dbd00ad5ed0c2e2
SSDEEP: 12288:uMrSy90JIR6gVBqGJMmAJhEhSejNjf2xl:Iy0KqGJUfEJjf0l

Static task: static1
Behavioral task: behavioral1
Sample: 056a850b2ae5c553667ce5404ca481562dc4c1341f397f7126df44c01b1e7f84.exe
Resource: win10v2004-20241007-en

Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
Attributes:
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 056a850b2ae5c553667ce5404ca481562dc4c1341f397f7126df44c01b1e7f84 (hashes as listed under General above)

Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
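The behaviours the report lists (a dropped EXE being executed, a Run key added under T1547.001, and traffic to the extracted C2) can be turned into simple detection logic over an endpoint event stream. The block below is an added example and is not part of the sandbox report or of any vendor's tooling; it uses the hashes and the C2 endpoint from the Malware Config section as indicators, while the event dict layout, the process IDs and every file and process name are constructed assumptions for the demo. It goes slightly beyond the report by also handling quoted Run-key values with arguments and the HKEY_CURRENT_USER/HKCU and Wow6432Node key spellings.

```python
"""Behaviour and IOC checks for the RedLine report above.

Added example, not part of the sandbox report or any vendor tooling: it runs
simple detection logic over a constructed list of endpoint events and flags
the three behaviours the report lists, i.e. a dropped EXE being executed, a
Run key (T1547.001) pointing at it, and a connection to the extracted C2.
The event dict layout and all file/process names are assumptions.
"""
import hashlib

# Indicators copied from the report.
SAMPLE_SHA256 = "056a850b2ae5c553667ce5404ca481562dc4c1341f397f7126df44c01b1e7f84"
SAMPLE_MD5 = "7c78c2716ed117d6547dafa5aa23750a"
C2 = ("176.113.115.145", 4125)

# Autostart locations; matched case-insensitively on the key suffix so that
# HKCU/HKEY_CURRENT_USER, HKLM and the Wow6432Node variant all match.
RUN_KEY_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
)

# Constructed events in the order a sandbox would record them (assumed shape).
SAMPLE_EVENTS = [
    {"type": "file_write", "pid": 1000,
     "path": r"C:\Users\user\AppData\Local\Temp\1a2b\abc.exe"},
    {"type": "process_create", "pid": 1100, "ppid": 1000,
     "image": r"C:\Users\user\AppData\Local\Temp\1a2b\ABC.EXE"},
    {"type": "reg_set", "pid": 1100,
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "abc",
     "data": r'"C:\Users\user\AppData\Local\Temp\1a2b\abc.exe" -silent'},
    {"type": "net_connect", "pid": 1100, "dst_ip": "176.113.115.145", "dst_port": 4125},
    {"type": "net_connect", "pid": 1100, "dst_ip": "8.8.8.8", "dst_port": 53},
]


def is_run_key(key):
    """True for the Run/RunOnce keys under any hive, ignoring case."""
    return key.lower().rstrip("\\").endswith(RUN_KEY_SUFFIXES)


def exe_from_command(cmd):
    """Extract the executable path from a Run-key value (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    return cmd.split(" ", 1)[0].lower()


def detect(events):
    """Return a list of (rule, detail) findings for the given event stream."""
    findings = []
    dropped = set()  # lower-cased paths of executables written to disk
    for ev in events:
        kind = ev["type"]
        if kind == "file_write" and ev["path"].lower().endswith(".exe"):
            dropped.add(ev["path"].lower())
        elif kind == "process_create" and ev["image"].lower() in dropped:
            findings.append(("executes_dropped_exe", ev["image"].lower()))
        elif kind == "reg_set" and is_run_key(ev["key"]):
            target = exe_from_command(ev["data"])
            rule = "run_key_to_dropped_exe" if target in dropped else "run_key_added"
            findings.append((rule, f'{ev["key"]}\\{ev["name"]} -> {target}'))
        elif kind == "net_connect" and (ev["dst_ip"], ev["dst_port"]) == C2:
            findings.append(("c2_contact", f'{ev["dst_ip"]}:{ev["dst_port"]}'))
    return findings


def matches_sample(data):
    """Compare a file's bytes against the MD5 and SHA256 listed in the report."""
    return (hashlib.sha256(data).hexdigest() == SAMPLE_SHA256
            and hashlib.md5(data).hexdigest() == SAMPLE_MD5)


if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

On the constructed events this yields three findings in order: the dropped EXE being launched, a Run key pointing at that same dropped EXE, and the C2 contact; the DNS connection is ignored. Matching the Run-key target back to the set of dropped executables is what separates this from a generic "Run key written" alert, which is noisy on a real host.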