General
-
Target
3ee13696244a657d1c49765ff52299f7823b03383eda0e664bafd7651ac2f95aN.exe
-
Size
536KB
-
Sample
241216-jyqfva1qcw
-
MD5
7e896c54db3618d1e0139bd0a0c6f4d0
-
SHA1
9d8d03dfe95bdf3b1d8bc419220ad787b0dabfe8
-
SHA256
3ee13696244a657d1c49765ff52299f7823b03383eda0e664bafd7651ac2f95a
-
SHA512
01c272d483b54aee1ec98a82092d68eecfcb93150d4a5b2f6b80331524fb8d825f960b002ec5506ebc1994f83697dc48f1526d233a278d01b5054a11cbb227e2
-
SSDEEP
12288:6MrXy905KzzO8KWrseWluoNdzfg4ZLDbqkrQEfJhcwN:pyCK/fhd8BNdxZHbX/N
Static task
static1
Behavioral task
behavioral1
Sample
3ee13696244a657d1c49765ff52299f7823b03383eda0e664bafd7651ac2f95aN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Targets
-
-
Target
3ee13696244a657d1c49765ff52299f7823b03383eda0e664bafd7651ac2f95aN.exe
-
Size
536KB
-
MD5
7e896c54db3618d1e0139bd0a0c6f4d0
-
SHA1
9d8d03dfe95bdf3b1d8bc419220ad787b0dabfe8
-
SHA256
3ee13696244a657d1c49765ff52299f7823b03383eda0e664bafd7651ac2f95a
-
SHA512
01c272d483b54aee1ec98a82092d68eecfcb93150d4a5b2f6b80331524fb8d825f960b002ec5506ebc1994f83697dc48f1526d233a278d01b5054a11cbb227e2
-
SSDEEP
12288:6MrXy905KzzO8KWrseWluoNdzfg4ZLDbqkrQEfJhcwN:pyCK/fhd8BNdxZHbX/N
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1