General
Target: f70edcf9774ae4c240fbce16ec49276811f8fe3ca2d1f79432919a2b47d4f796N.exe
Size: 522KB
Sample: 241113-ysws1axpfw
MD5: f2f6fd0fca3cbd7608276f4d4fd2cad0
SHA1: 41f4e5ade9e0f12882f6a5978999188f2f0d38d9
SHA256: 71b40e128468dd91ebeaf28394268c09683998672c84a87368b514d434363505
SHA512: 04b5c2614f96a841bdb44c8120e98b533d95d4e8cf1aca00b2d53e9518c4db0c93ceaefbce216c7ce14ae60096d9a825678a3851dff80a4ba0979ee0833e1373
SSDEEP: 12288:LMrly905fkHiIz1+3yktHGJ6qeCmKxTOdhR4qh1aXj2:eycfk/zXktHGJ6qeCxOdNTUj2
Static task: static1
Behavioral task: behavioral1
Sample: f70edcf9774ae4c240fbce16ec49276811f8fe3ca2d1f79432919a2b47d4f796N.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: f70edcf9774ae4c240fbce16ec49276811f8fe3ca2d1f79432919a2b47d4f796N.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)