General
- Target: 261c49f0fa159dbdfe53d00786d7421348e79f88a6726a160c8a1ef04ab5c114
- Size: 534KB
- Sample: 241112-za3dha1aqf
- MD5: 660f1f541b900fff4a1d5a8dbab43b20
- SHA1: 285938ef84bb1068f988d95c2fd2a62c8235abe0
- SHA256: 261c49f0fa159dbdfe53d00786d7421348e79f88a6726a160c8a1ef04ab5c114
- SHA512: 05e3a221d5f77317a426ea42a408ffddd3130e89d46393366ea73993310826a2643e8a17515a1aa3aacd200f78b286f4c6e8a09bf27d746f9548b6bf435738d8
- SSDEEP: 12288:0Mrfy90byM5cOx8EGSVcYOu6LmvbDaNc5jZC5B4UTR:LyicfiVcupTDqojsTR
Static task: static1
Behavioral task: behavioral1
Sample: 261c49f0fa159dbdfe53d00786d7421348e79f88a6726a160c8a1ef04ab5c114.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Target: 261c49f0fa159dbdfe53d00786d7421348e79f88a6726a160c8a1ef04ab5c114
- Size: 534KB
- MD5: 660f1f541b900fff4a1d5a8dbab43b20
- SHA1: 285938ef84bb1068f988d95c2fd2a62c8235abe0
- SHA256: 261c49f0fa159dbdfe53d00786d7421348e79f88a6726a160c8a1ef04ab5c114
- SHA512: 05e3a221d5f77317a426ea42a408ffddd3130e89d46393366ea73993310826a2643e8a17515a1aa3aacd200f78b286f4c6e8a09bf27d746f9548b6bf435738d8
- SSDEEP: 12288:0Mrfy90byM5cOx8EGSVcYOu6LmvbDaNc5jZC5B4UTR:LyicfiVcupTDqojsTR
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)