General

Target: 8b941fe936ae374922c90d4a855082659c8f98b27456a0623ced965d86d0059fN.exe
Size: 651KB
Sample: 241119-rlxy6axapb
MD5: 1d77e30d44293344767ee172b189e2a0
SHA1: b4b43a0d69924cd5993dbe8818e613a99c37c811
SHA256: 8b941fe936ae374922c90d4a855082659c8f98b27456a0623ced965d86d0059f
SHA512: 421e53095e0fe51dd7483699106dd17d1bc7ad147a1dd1ed546713a3d6dfa9e12fa723e6ed021b354b7b0a02f56780c5bc73dbd8abe0b62e1c06f697a9896363
SSDEEP: 12288:AMrIy90jb//HOJ3g7pTHaTBD3KEYmdikaft43o3:4y4bDHqBDBYmdWft430

Static task: static1
Behavioral task: behavioral1
Sample: 8b941fe936ae374922c90d4a855082659c8f98b27456a0623ced965d86d0059fN.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
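The extracted configuration above gives the C2 as a bare IP:port with no domain, so network hunting has to match on destination address and port. The following is an added example for this report, not part of the sandbox output: it runs that match over Zeek conn.log records. Only the address and port come from the report; the log lines are constructed for illustration (documentation-range addresses, not real traffic). The same IP on a different port is flagged separately, since operators move ports between builds.

```python
"""Hunt for the C2 endpoint extracted from this sample in Zeek conn.log records.

Added example for this report, not part of the sandbox output. Only the C2
address and port come from the report's extracted RedLine config; the log
lines below are constructed for illustration and are not real traffic.
"""
import json

C2_HOST = "176.113.115.145"  # from the extracted config in this report
C2_PORT = 4125               # from the extracted config in this report

# Constructed Zeek conn.log records (JSON logging), one object per line.
SAMPLE_CONN_LOG = """\
{"ts":1731996001.1,"uid":"CAb1","id.orig_h":"10.0.0.21","id.orig_p":49812,"id.resp_h":"176.113.115.145","id.resp_p":4125,"proto":"tcp","conn_state":"SF","orig_bytes":2048,"resp_bytes":512}
{"ts":1731996002.5,"uid":"CAb2","id.orig_h":"10.0.0.21","id.orig_p":49813,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","conn_state":"SF","orig_bytes":900,"resp_bytes":40000}
{"ts":1731996003.0,"uid":"CAb3","id.orig_h":"10.0.0.33","id.orig_p":51000,"id.resp_h":"176.113.115.145","id.resp_p":80,"proto":"tcp","conn_state":"S0","orig_bytes":0,"resp_bytes":0}
{"ts":1731996004.0,"uid":"CAb4","id.orig_h":"10.0.0.21","id.orig_p":53422,"id.resp_h":"192.0.2.53","id.resp_p":53,"proto":"udp","conn_state":"SF","orig_bytes":60,"resp_bytes":120}
not valid json: a truncated line as found at the end of a rotated log
"""


def parse_conn_log(text):
    """Parse JSON-per-line conn.log text, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # truncated/rotated line; do not let it abort the hunt
    return records


def classify(record, host=C2_HOST, port=C2_PORT):
    """'c2' for an exact TCP host:port match, 'host' for the C2 IP on another
    port (worth a look: operators move ports between builds), else None."""
    if record.get("id.resp_h") != host:
        return None
    if record.get("proto") == "tcp" and record.get("id.resp_p") == port:
        return "c2"
    return "host"


def find_c2_hits(records, host=C2_HOST, port=C2_PORT):
    """Return one dict per matching record, exact C2 matches first."""
    hits = []
    for r in records:
        level = classify(r, host, port)
        if level is None:
            continue
        hits.append({
            "uid": r.get("uid"),
            "src": r.get("id.orig_h"),
            "dst": f'{r.get("id.resp_h")}:{r.get("id.resp_p")}',
            "match": level,
            # a stealer uploads what it collected, so outbound volume matters
            "orig_bytes": r.get("orig_bytes", 0),
        })
    hits.sort(key=lambda h: h["match"] != "c2")
    return hits


def infected_hosts(hits):
    """Internal hosts with an exact C2 match: the containment list."""
    return sorted({h["src"] for h in hits if h["match"] == "c2"})


if __name__ == "__main__":
    hits = find_c2_hits(parse_conn_log(SAMPLE_CONN_LOG))
    for h in hits:
        print(h)
    print("contain:", infected_hosts(hits))
```

On the constructed input this yields one exact C2 connection from 10.0.0.21 and one same-IP hit on port 80 from 10.0.0.33 that needs a second look before it goes on the containment list.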
Targets

Target: 8b941fe936ae374922c90d4a855082659c8f98b27456a0623ced965d86d0059fN.exe
Signatures

- Detects Healer, an antivirus-disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547), 1 hit: Registry Run Keys / Startup Folder (T1547.001), 1 hit
- Create or Modify System Process (T1543), 1 hit: Windows Service (T1543.003), 1 hit