General
Target: f6f9e1c1633207f5559fedb663ee12039125c381bb378dba8a02bc1695577163
Size: 1.1MB
Sample: 241104-qrw4dasqhk
MD5: 60f2ec9fdcb9b314a840c2cb2d565d16
SHA1: 43970483d185c683836d63d4cd41b26d843e3992
SHA256: f6f9e1c1633207f5559fedb663ee12039125c381bb378dba8a02bc1695577163
SHA512: cb8a62cdd7a409f02ab9bc128229214bc5ba6e0390e67c56eaaa2bf80beb779f3c0256df30a81ea82b94b59b8834a4097a5481908673f0bae8afd7760702a48b
SSDEEP: 24576:byfbyHvEC2hUfP75J0M4Hu+oBCzDfs37nigxVqt4d:OfbyPEC2S7D3YvE3Digb
Static task: static1
Behavioral task: behavioral1
Sample: f6f9e1c1633207f5559fedb663ee12039125c381bb378dba8a02bc1695577163.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
Target: f6f9e1c1633207f5559fedb663ee12039125c381bb378dba8a02bc1695577163 (hashes as listed under General)
- Detects Healer, an antivirus-disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547), 1 hit: Registry Run Keys / Startup Folder (T1547.001), 1 hit
- Create or Modify System Process (T1543), 1 hit: Windows Service (T1543.003), 1 hit
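The signatures and ATT&CK mapping above describe behaviours (a process with the sample's hashes, a connection to the extracted C2, a Run-key entry, a Windows service) that can be hunted for in endpoint telemetry. The following is an added example, not part of this report or of any sandbox vendor's tooling: it takes the IOCs from the report and runs them over Sysmon-style events. The event records are constructed by hand for illustration; the field names follow Sysmon's (Event ID 1 process create, 3 network connection, 13 registry value set), but every path, SID, value name and benign address in them is made up, and the `known-sample-hash`, `redline-c2`, `run-key-persistence` and `service-persistence` rule names are this example's own.

```python
"""Match the IOCs from the report against constructed Sysmon-style events.

Added example, not part of the sandbox report. Field names follow Sysmon's
conventions; all event contents below are constructed for illustration.
"""
import re

# IOCs copied from the report.
IOC_HASHES = {
    "md5": "60f2ec9fdcb9b314a840c2cb2d565d16",
    "sha1": "43970483d185c683836d63d4cd41b26d843e3992",
    "sha256": "f6f9e1c1633207f5559fedb663ee12039125c381bb378dba8a02bc1695577163",
}
IOC_C2 = ("193.233.20.24", 4123)  # RedLine C2 from the extracted config

# Registry paths behind the two ATT&CK techniques the report maps.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE
)
SERVICE_IMAGEPATH_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)
TECHNIQUE = {  # rule names are this example's own
    "known-sample-hash": "process image matches a hash from the report",
    "redline-c2": "network connection to the extracted C2",
    "run-key-persistence": "T1547.001 Registry Run Keys / Startup Folder",
    "service-persistence": "T1543.003 Windows Service",
}


def parse_sysmon_hashes(field):
    """Split Sysmon's 'MD5=..,SHA256=..' Hashes field into a lowercase dict."""
    out = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            out[algo.strip().lower()] = value.strip().lower()
    return out


def classify(event):
    """Return the rule names one event triggers (empty list if none)."""
    hits = []
    eid = event.get("EventID")
    if eid == 1:
        seen = parse_sysmon_hashes(event.get("Hashes", ""))
        # One matching algorithm is enough; Sysmon may be configured to log only some.
        if any(seen.get(algo) == value for algo, value in IOC_HASHES.items()):
            hits.append("known-sample-hash")
    elif eid == 3:
        dst = (event.get("DestinationIp"), int(event.get("DestinationPort", 0)))
        if dst == IOC_C2:
            hits.append("redline-c2")
    elif eid == 13:
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append("run-key-persistence")
        elif SERVICE_IMAGEPATH_RE.search(target):
            hits.append("service-persistence")
    return hits


def scan(events):
    """Classify every event; returns (index, rule, description) triples."""
    return [(i, r, TECHNIQUE[r]) for i, ev in enumerate(events) for r in classify(ev)]


SAMPLE_EVENTS = [  # constructed for this example
    {"EventID": 1,
     "Image": r"C:\Users\victim\Downloads\sample.exe",
     "Hashes": "MD5=60F2EC9FDCB9B314A840C2CB2D565D16,"
               "SHA1=43970483D185C683836D63D4CD41B26D843E3992,"
               "SHA256=F6F9E1C1633207F5559FEDB663EE12039125C381BB378DBA8A02BC1695577163"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "DestinationIp": "193.233.20.24", "DestinationPort": "4123"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\UpdSvc\ImagePath",
     "Details": r"C:\Users\victim\AppData\Roaming\updsvc.exe"},
    # Benign noise that must not fire.
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": "443"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for index, rule, description in scan(SAMPLE_EVENTS):
        print(f"event {index}: {rule} ({description})")
```

The registry patterns are deliberately anchored on the value name rather than the whole key path so that writes under both HKLM and per-user HKU hives are caught; the service check only fires on ImagePath writes, since service Start-type changes are noisy and not what the report's signature describes.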