General
-
Target
d507932171d6b8a7e70445521bf7e44e8ec8653a8d07a62ef39f960dfd099251
-
Size
1.3MB
-
Sample
241109-epj59axdjb
-
MD5
08cdb944ec65be70285ab80203ed0a1c
-
SHA1
398907c257f7622e7cff3f69091222aa712c53bb
-
SHA256
d507932171d6b8a7e70445521bf7e44e8ec8653a8d07a62ef39f960dfd099251
-
SHA512
950e4157f4bbaf385f653480fb8a03782ee12927950770f4d9286b6b0ed39522ca740787a5e854ea73ec3f65dbead2c32c531b5b5b79d7077e3eb7d436b755c9
-
SSDEEP
24576:QyAuafJTJyuZoD7HIMd7S5g1o+GnlVZo3VPdKfoPbbOSUHkM:XvaRAuXU6WlcVaVPdKfoj6SUHk
Static task
static1
Behavioral task
behavioral1
Sample
d507932171d6b8a7e70445521bf7e44e8ec8653a8d07a62ef39f960dfd099251.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rumfa
193.233.20.24:4123
-
auth_value
749d02a6b4ef1fa2ad908e44ec2296dc
Targets
-
Target
d507932171d6b8a7e70445521bf7e44e8ec8653a8d07a62ef39f960dfd099251
-
Size
1.3MB
-
MD5
08cdb944ec65be70285ab80203ed0a1c
-
SHA1
398907c257f7622e7cff3f69091222aa712c53bb
-
SHA256
d507932171d6b8a7e70445521bf7e44e8ec8653a8d07a62ef39f960dfd099251
-
SHA512
950e4157f4bbaf385f653480fb8a03782ee12927950770f4d9286b6b0ed39522ca740787a5e854ea73ec3f65dbead2c32c531b5b5b79d7077e3eb7d436b755c9
-
SSDEEP
24576:QyAuafJTJyuZoD7HIMd7S5g1o+GnlVZo3VPdKfoPbbOSUHkM:XvaRAuXU6WlcVaVPdKfoj6SUHk
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)