General
-
Target
aeef4ac14ee2c5e9908e8ebc5853afe4d7b9542fee9d2c1dfd89770d08dca555
-
Size
994KB
-
Sample
241115-brlkbawfmb
-
MD5
8fbc8e91fc496b5ed159ba7552e00079
-
SHA1
0c0c856fbfd7e8f66e27b8d0f7d781ef9dbb2efc
-
SHA256
aeef4ac14ee2c5e9908e8ebc5853afe4d7b9542fee9d2c1dfd89770d08dca555
-
SHA512
d5af39648ef779e484557995daf142f3ea373b0a5228a0da927fb747729ee597dee249a64b3772215f314cc0906ab7e1fbfe0b894148cebd6444791d73c71a4f
-
SSDEEP
24576:XyuYEoE2XI+Hb3F5m/e8XfnXrdS3vxEGG4ePVe5+k+Vt+Whr:iurIX3bzqXPgKGG4eM5+k7
Static task
static1
Behavioral task
behavioral1
Sample
aeef4ac14ee2c5e9908e8ebc5853afe4d7b9542fee9d2c1dfd89770d08dca555.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rouch
193.56.146.11:4162
-
auth_value
1b1735bcfc122c708eae27ca352568de
Targets
-
-
Target
aeef4ac14ee2c5e9908e8ebc5853afe4d7b9542fee9d2c1dfd89770d08dca555
-
Size
994KB
-
MD5
8fbc8e91fc496b5ed159ba7552e00079
-
SHA1
0c0c856fbfd7e8f66e27b8d0f7d781ef9dbb2efc
-
SHA256
aeef4ac14ee2c5e9908e8ebc5853afe4d7b9542fee9d2c1dfd89770d08dca555
-
SHA512
d5af39648ef779e484557995daf142f3ea373b0a5228a0da927fb747729ee597dee249a64b3772215f314cc0906ab7e1fbfe0b894148cebd6444791d73c71a4f
-
SSDEEP
24576:XyuYEoE2XI+Hb3F5m/e8XfnXrdS3vxEGG4ePVe5+k+Vt+Whr:iurIX3bzqXPgKGG4eM5+k7
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1