General
-
Target
8b5ed7c4742ff19e11bb700273f786bca36fd2c0467fdf9b666e1becefa8fa42
-
Size
1.2MB
-
Sample
241104-qvjmfssrcn
-
MD5
ea1c5001fbb6c153ff7d1596108d8679
-
SHA1
220f9aa32e690f26b28e32e1fd5ee441c81525e8
-
SHA256
8b5ed7c4742ff19e11bb700273f786bca36fd2c0467fdf9b666e1becefa8fa42
-
SHA512
180574f47c41c70bcdd87ba10be9b0fd4398b7137b6d35649f950b28593e1b21f80668d9b30dfe5bb329d188bb55dc48e97f4f278280fd6bbd2dbb3d9580640d
-
SSDEEP
24576:hyC/WdwwlyWZtNZRtlFqRlafUtsRBGtAXQseZ82cPV:UC/WdHlyWNZtFvfUtqUTv
Static task
static1
Behavioral task
behavioral1
Sample
8b5ed7c4742ff19e11bb700273f786bca36fd2c0467fdf9b666e1becefa8fa42.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rumfa
193.233.20.24:4123
-
auth_value
749d02a6b4ef1fa2ad908e44ec2296dc
Targets
-
-
Target
8b5ed7c4742ff19e11bb700273f786bca36fd2c0467fdf9b666e1becefa8fa42
-
Size
1.2MB
-
MD5
ea1c5001fbb6c153ff7d1596108d8679
-
SHA1
220f9aa32e690f26b28e32e1fd5ee441c81525e8
-
SHA256
8b5ed7c4742ff19e11bb700273f786bca36fd2c0467fdf9b666e1becefa8fa42
-
SHA512
180574f47c41c70bcdd87ba10be9b0fd4398b7137b6d35649f950b28593e1b21f80668d9b30dfe5bb329d188bb55dc48e97f4f278280fd6bbd2dbb3d9580640d
-
SSDEEP
24576:hyC/WdwwlyWZtNZRtlFqRlafUtsRBGtAXQseZ82cPV:UC/WdHlyWNZtFvfUtqUTv
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1