General
Target: fa9f0cee2a8d11942bb9319331ce10f9b372fd90f65997fdf8423874ae141954
Size: 532KB
Sample: 241109-12mmsstcnc
MD5: 46f9fb74b20f1d11899ac38a1f3222cf
SHA1: 18d5fb45df3a51c1bd5230b44ded82e36c04206b
SHA256: fa9f0cee2a8d11942bb9319331ce10f9b372fd90f65997fdf8423874ae141954
SHA512: 5a0509cb0fa3e22bd4af9292bb59416566632e0d71b0bc2eaa2a3aee92b1bc25fc0511b56603b781c22ffc6ed28583fab195c4b01b8b72208da225e412e102f9
SSDEEP: 6144:Kjy+bnr+bp0yN90QEt7YqB3REI5ujSTz02UlIxjXPTBKTI4mNqgsEb20eZC5K1S7:VMrXy90MMhEy0gf93ag23qEnY
Static task: static1
Behavioral task: behavioral1
Sample: fa9f0cee2a8d11942bb9319331ce10f9b372fd90f65997fdf8423874ae141954.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- ruma
- 193.233.20.13:4136
- auth_value: 647d00dfaba082a4a30f383bca5d1a2a
Targets
Target: fa9f0cee2a8d11942bb9319331ce10f9b372fd90f65997fdf8423874ae141954 (the same file described under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)