General
Target: 17ffc304b5f3da31439c363234b56a98ef1831eb70bd62a0abf5712feedc2f5e
Size: 1.2MB
Sample: 241109-ed9a1azkgl
MD5: 44f1dde35b2a9d60c8bfeae3df16d2b1
SHA1: ce5c36f118aeb79070cfbb264b955b01a8c09944
SHA256: 17ffc304b5f3da31439c363234b56a98ef1831eb70bd62a0abf5712feedc2f5e
SHA512: b057ed288cd92d8d096e7258fc5f828f099898c1e071f8677d314850580b4f5161bd10ffcadbf5627ece489e03107248d9addc3caa096dd7fdca13e063989364
SSDEEP: 24576:ayqvTDf5z5l+hCjRr56fh8Y+THrFDvx11TOw6oqldL1KsMdXbxQINcmW:hURFACV+h8Y+Rb1TOw6ohXbxfc
Static task: static1
Behavioral task: behavioral1
Sample: 17ffc304b5f3da31439c363234b56a98ef1831eb70bd62a0abf5712feedc2f5e.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
Target: 17ffc304b5f3da31439c363234b56a98ef1831eb70bd62a0abf5712feedc2f5e
Size: 1.2MB
MD5: 44f1dde35b2a9d60c8bfeae3df16d2b1
SHA1: ce5c36f118aeb79070cfbb264b955b01a8c09944
SHA256: 17ffc304b5f3da31439c363234b56a98ef1831eb70bd62a0abf5712feedc2f5e
SHA512: b057ed288cd92d8d096e7258fc5f828f099898c1e071f8677d314850580b4f5161bd10ffcadbf5627ece489e03107248d9addc3caa096dd7fdca13e063989364
SSDEEP: 24576:ayqvTDf5z5l+hCjRr56fh8Y+THrFDvx11TOw6oqldL1KsMdXbxQINcmW:hURFACV+h8Y+Rb1TOw6ohXbxfc
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)