General
Target: ac3df7e5eb213bb73a51c70c61ad7f5747b3ba5d2df7c8a82eae3e7e18674208
Size: 405KB
Sample: 241115-bm9fksvrex
MD5: b8507cd8218043fe5338ba7823a5ea17
SHA1: 577beff9c09af69271919c89b4e9ea75e6f62cdb
SHA256: ac3df7e5eb213bb73a51c70c61ad7f5747b3ba5d2df7c8a82eae3e7e18674208
SHA512: 85dc36d51fd9747b5e0659733249cdf7bf374d9337ea4cfe4c763ab576d44b9c601ffd5866ec6bf8a7626c463b8d88dc45ad8f5b9d797ee576b11f046005dfc7
SSDEEP: 6144:Kvy+bnr+vp0yN90QEXsGMfnkv++ZekjMH/DmggUUP5eRfpGiP90/cK8:ZMr/y90RsGS5cedaggUMCcQO/p8
Static task: static1
Behavioral task: behavioral1
Sample: ac3df7e5eb213bb73a51c70c61ad7f5747b3ba5d2df7c8a82eae3e7e18674208.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)