General

Target: 598766dcba57826ab28c32eef5c7aa965aa2caa887aa800ca37484038a907d1a.exe
Size: 537KB
Sample: 241113-ye2gbsxnaz
MD5: 62f6b7b818fd0118f624b1a4c45f57d1
SHA1: 2ad2ed3b0976096c8e64e4f08070c81bf4c07c55
SHA256: 598766dcba57826ab28c32eef5c7aa965aa2caa887aa800ca37484038a907d1a
SHA512: b1a3abc832519b03d8e0c89b4680ebb53957d5874140fdb4cecbd96ef544d910afb41297d2220222c7009ced0aeaf986d60237787523a703c00012b54129a79f
SSDEEP: 12288:QMrby90M4uhV8fRN+ucZUjDH3wRyIQr554xqtENFaWLOP:by/4A4/GZsXwRG95AsP
Static task: static1
Behavioral task: behavioral1
Sample: 598766dcba57826ab28c32eef5c7aa965aa2caa887aa800ca37484038a907d1a.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets

Target: 598766dcba57826ab28c32eef5c7aa965aa2caa887aa800ca37484038a907d1a.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
- RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547) [1]
  - Registry Run Keys / Startup Folder (T1547.001) [1]
- Create or Modify System Process (T1543) [1]
  - Windows Service (T1543.003) [1]
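The report gives three things a responder acts on: the extracted C2 (Malware Config), the "Adds Run key to start application" signature mapped to T1547.001, and the ssdeep of the sample. The block below is an added example that is not tria.ge's or RedLine's code: it turns the extracted C2 into a Suricata rule, runs a Run/RunOnce persistence check over Sysmon Event ID 13 records, and checks whether two ssdeep hashes can be scored against each other at all. The Sysmon events, the dropped file name `dropped.exe` and the vendor path are constructed for illustration; the C2, botnet, auth_value and ssdeep strings are copied from the report.

```python
"""IOC triage for the report above: turn the extracted RedLine C2 into a
network rule, audit Run-key writes of the kind the "Adds Run key to start
application" signature fires on, and check ssdeep comparability.

Added example, not tria.ge's or RedLine's code. Assumptions: the C2 string
is "ip:port" as shown in the report; the log source is Sysmon Event ID 13
(registry value set) records; all events and file paths below are
constructed for illustration.
"""
import ipaddress
import re

# Copied from the report's "Malware Config" and "General" blocks.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "rosn",
    "c2": "176.113.115.145:4125",
    "auth_value": "050a19e1db4d0024b0f23b37dcf961f4",
}
SAMPLE_SSDEEP = "12288:QMrby90M4uhV8fRN+ucZUjDH3wRyIQr554xqtENFaWLOP:by/4A4/GZsXwRG95AsP"


def parse_c2(c2):
    """Split 'host:port'; rejects non-IP hosts and out-of-range ports."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError("C2 string has no port")
    ipaddress.ip_address(host)  # ValueError if host is not an IP literal
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError("port out of range: %s" % port)
    return host, port_num


def suricata_rule(config, sid):
    """Alert on any outbound TCP connection to the extracted C2.

    sid is chosen by the caller (local rules conventionally use 1000000+).
    """
    host, port = parse_c2(config["c2"])
    return (
        "alert tcp $HOME_NET any -> %s %d " % (host, port)
        + '(msg:"%s C2 (%s) beacon"; flow:to_server; sid:%d; rev:1;)'
        % (config["family"], config["botnet"], sid)
    )


# Run and RunOnce keys under HKLM or any HKU hive, as they appear in
# Sysmon TargetObject strings.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE
)
# Value data pointing into user-writable locations is the strong signal.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Constructed Sysmon Event ID 13 records (hypothetical paths).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\updater.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
]


def find_run_key_persistence(events):
    """Return every Run/RunOnce value set, rated by where the value points."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev["TargetObject"]):
            continue
        data = ev["Details"].lower()
        severity = "high" if any(p in data for p in USER_WRITABLE) else "review"
        hits.append({"image": ev["Image"], "key": ev["TargetObject"],
                     "data": ev["Details"], "severity": severity})
    return hits


def parse_ssdeep(h):
    """ssdeep hashes are 'blocksize:chunk:doublechunk'."""
    block, chunk, double = h.split(":", 2)
    return int(block), chunk, double


def ssdeep_comparable(a, b):
    """ssdeep only scores two hashes whose block sizes are equal or differ by
    exactly one doubling; anything else compares as 0 by construction."""
    ba, bb = parse_ssdeep(a)[0], parse_ssdeep(b)[0]
    return ba == bb or ba == 2 * bb or bb == 2 * ba


if __name__ == "__main__":
    print(suricata_rule(REDLINE_CONFIG, 1000001))
    for hit in find_run_key_persistence(SAMPLE_EVENTS):
        print(hit["severity"], hit["image"], "->", hit["key"])
```

The Run-key check deliberately reports every write rather than allow-listing by the writing process: a stealer that injects into a trusted binary would otherwise be dropped, so the rating is driven by where the value data points. The ssdeep block-size rule matters when pivoting on the report's fuzzy hash: a sample with block size 3072 or 49152 will never score against this one, however similar the files are.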