General
-
Target
150eaf9466d35379e2bd637b81fef72c01554cb69605f8e2fab0c653393a8238
-
Size
1.2MB
-
Sample
241109-fr37ksybpm
-
MD5
c0a9dbbef699da8851a5ce0fd567c5af
-
SHA1
9cf483565ac981545e78f4e992f2538b7ddd5083
-
SHA256
150eaf9466d35379e2bd637b81fef72c01554cb69605f8e2fab0c653393a8238
-
SHA512
6f6712d8faac5a064a3b5421b6ec107cacce3710e9afe349c4d4ffa6ca79863f1eb538a8ade7b69a922b07348852583a3b12999e2edb2cc92ce47ea80906f69d
-
SSDEEP
24576:UypUmJM7/UtcNtv+jsQ7xMT8jJdYcoLGfhnMSzJHY:jpUm67OcNtv+4Q1MT8Ec/iSzJH
Static task
static1
Behavioral task
behavioral1
Sample
150eaf9466d35379e2bd637b81fef72c01554cb69605f8e2fab0c653393a8238.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rumfa
193.233.20.24:4123
-
auth_value
749d02a6b4ef1fa2ad908e44ec2296dc
Targets
-
-
Target
150eaf9466d35379e2bd637b81fef72c01554cb69605f8e2fab0c653393a8238
-
Size
1.2MB
-
MD5
c0a9dbbef699da8851a5ce0fd567c5af
-
SHA1
9cf483565ac981545e78f4e992f2538b7ddd5083
-
SHA256
150eaf9466d35379e2bd637b81fef72c01554cb69605f8e2fab0c653393a8238
-
SHA512
6f6712d8faac5a064a3b5421b6ec107cacce3710e9afe349c4d4ffa6ca79863f1eb538a8ade7b69a922b07348852583a3b12999e2edb2cc92ce47ea80906f69d
-
SSDEEP
24576:UypUmJM7/UtcNtv+jsQ7xMT8jJdYcoLGfhnMSzJHY:jpUm67OcNtv+4Q1MT8Ec/iSzJH
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547)    1
    Registry Run Keys / Startup Folder (T1547.001)    1
Create or Modify System Process (T1543)    1
    Windows Service (T1543.003)    1
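As an added example (not part of the sandbox report), the Python below turns the behaviours reported above into hunting checks over endpoint telemetry: the Run-key and Windows-service persistence mapped under ATT&CK, the sample launching a dropped executable, and the RedLine C2 at 193.233.20.24:4123 from the extracted config. The events it runs over are constructed Sysmon-style records (EventID 1 ProcessCreate, 3 NetworkConnect, 13 RegistryEvent) written for this illustration; the dropped-file name abcd.exe, the service name abcdsvc, the SID and the user paths are assumptions, not observations from the report.

```python
"""Hunting checks derived from the report above, run over constructed Sysmon-style events.

Added example; the event records are constructed for illustration, not captured
from the sample. Only the C2 address and the sample file name come from the report.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Indicators taken from the report.
C2_HOST = "193.233.20.24"
C2_PORT = 4123
SAMPLE_EXE = "150eaf9466d35379e2bd637b81fef72c01554cb69605f8e2fab0c653393a8238.exe"

# Registry locations behind the two ATT&CK techniques the report maps.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
SERVICE_KEY_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I
)


@dataclass(frozen=True)
class Finding:
    technique: str
    detail: str


def hunt(events):
    """Return one Finding per event that matches a behaviour from the report."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 3:  # NetworkConnect: any contact with the C2 host is worth a look; note the port.
            if ev.get("DestinationIp") == C2_HOST:
                port = int(ev.get("DestinationPort", 0))
                tag = "configured port" if port == C2_PORT else "other port"
                findings.append(Finding("RedLine C2 (botnet 'rumfa')", f"{image} -> {C2_HOST}:{port} ({tag})"))
        elif eid == 13:  # RegistryEvent (value set)
            target = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                findings.append(Finding("T1547.001 Registry Run Keys", f"{target} = {ev.get('Details', '')}"))
            elif SERVICE_KEY_RE.search(target):
                findings.append(Finding("T1543.003 Windows Service", f"{target} = {ev.get('Details', '')}"))
        elif eid == 1:  # ProcessCreate: the sample spawning a different executable
            parent = PureWindowsPath(ev.get("ParentImage", "")).name.lower()
            if parent == SAMPLE_EXE and PureWindowsPath(image).name.lower() != SAMPLE_EXE:
                findings.append(Finding("Executes dropped EXE", f"{ev.get('ParentImage')} spawned {image}"))
    return findings


# Constructed telemetry (assumed paths, names and SID). The last two records are benign controls.
DROPPED = r"C:\Users\user\AppData\Local\Temp\abcd.exe"
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": DROPPED, "ParentImage": rf"C:\Users\user\Desktop\{SAMPLE_EXE}"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Run\abcd", "Details": DROPPED},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\abcdsvc\ImagePath", "Details": DROPPED},
    {"EventID": 3, "Image": DROPPED, "DestinationIp": "193.233.20.24", "DestinationPort": 4123},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.technique}] {f.detail}")
```

The network check matches on the host alone and only annotates the port, because RedLine operators rotate ports far more often than infrastructure; the registry checks look at the value path rather than the writing process, since the report does not say which process performs the write.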