General
Target: 26d2b12eccd33a04aab9b52a1e808aa25e063da4859e8051c7c768f35eb3f175
Size: 406KB
Sample: 241112-zcbzbstpaj
MD5: 373bc978169a0f9bd9bccf256317fa9e
SHA1: 09d16cec007edd3b87cf930318974b8ba2c68303
SHA256: 26d2b12eccd33a04aab9b52a1e808aa25e063da4859e8051c7c768f35eb3f175
SHA512: bb7c3bd29f1630e1bea2cfef8b269773c0f39cbdab0b1b54bcaa221aa7f9c08d0d82cad124ab2d113d2b68ed6a3d9921ba0f28c06c47a56f02ed04e5bb3589e8
SSDEEP: 12288:jMrHy90AMoF0ncoLNj77Iagg6MjbNvChjz1Qpih:0yZMFcONj77wg6MjbNvAj5Qpk
Static task: static1
Behavioral task: behavioral1
Sample: 26d2b12eccd33a04aab9b52a1e808aa25e063da4859e8051c7c768f35eb3f175.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 26d2b12eccd33a04aab9b52a1e808aa25e063da4859e8051c7c768f35eb3f175
Size: 406KB
MD5: 373bc978169a0f9bd9bccf256317fa9e
SHA1: 09d16cec007edd3b87cf930318974b8ba2c68303
SHA256: 26d2b12eccd33a04aab9b52a1e808aa25e063da4859e8051c7c768f35eb3f175
SHA512: bb7c3bd29f1630e1bea2cfef8b269773c0f39cbdab0b1b54bcaa221aa7f9c08d0d82cad124ab2d113d2b68ed6a3d9921ba0f28c06c47a56f02ed04e5bb3589e8
SSDEEP: 12288:jMrHy90AMoF0ncoLNj77Iagg6MjbNvChjz1Qpih:0yZMFcONj77wg6MjbNvAj5Qpk
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)