General
Target: 974c9ab0e4c45b6c18cece072dfa13bf9986a4545837edd32c9032ab9935de5e
Size: 388KB
Sample: 241117-jg4xxavdle
MD5: d0a757f64aa64800b0200779e309053b
SHA1: cdb88fbd3ecc6d48d12a273b620b52a8a51fd843
SHA256: 974c9ab0e4c45b6c18cece072dfa13bf9986a4545837edd32c9032ab9935de5e
SHA512: b0f9cf93fec2b842b30d2e763cf92338638310da9e3bccea7dc459fa7fd887c74fd4dc113236f08463c9a422fdd79afa657bde8350df765d46c62a7400c0249a
SSDEEP: 12288:qMrJy90bOT8wNXn2KjfQoqBt2uw8+fLu:7yZ1ZnrQDex8yLu
Static task: static1
Behavioral task: behavioral1
Sample: 974c9ab0e4c45b6c18cece072dfa13bf9986a4545837edd32c9032ab9935de5e.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: 974c9ab0e4c45b6c18cece072dfa13bf9986a4545837edd32c9032ab9935de5e (388KB; hashes as listed under General above)

Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)