General

Target: 0bb21344db4901776a9180e959cc3cd5f6f4c63f3a2a58dbf437081c564a5c16
Size: 1.1MB
Sample: 241109-fwxkla1mfn
MD5: 9d7c89be2d6674bc2eb4d289558ceb86
SHA1: 75d0abf66783dc913b715b25c1266e31eb377ff9
SHA256: 0bb21344db4901776a9180e959cc3cd5f6f4c63f3a2a58dbf437081c564a5c16
SHA512: b29b2716672024b16b039b765cbae4853dae8de00f713ce5ecea5bc79e1326209f89305d8e603b6d734e1cda578189a9b1bcef10c73108e10bfd5e116a565473
SSDEEP: 24576:YyoX6Fb360vH7LpxxY2NMxZr3Vol5u0q8Oy2:foX6FbTLeWvlO
Static task: static1
Behavioral task: behavioral1
Sample: 0bb21344db4901776a9180e959cc3cd5f6f4c63f3a2a58dbf437081c564a5c16.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
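The extracted config above gives one hard network indicator (the C2 socket 193.233.20.24:4123) and one botnet label. The following is an added example, not part of the sandbox report or the RedLine family itself: it matches that indicator against Zeek conn.log records and emits a Suricata rule for it. The conn.log lines, the column subset and the rule SID are constructed for the example; records to the same host on a different port are reported at lower confidence because RedLine operators move ports more often than hosts.

```python
"""Match the C2 endpoint from the report's extracted RedLine config
against Zeek conn.log records. Added example, not part of the report."""

# Indicators copied from the "Malware Config" section of the report.
REDLINE_C2 = {
    "family": "redline",
    "botnet": "rumfa",
    "ip": "193.233.20.24",
    "port": 4123,
    "auth_value": "749d02a6b4ef1fa2ad908e44ec2296dc",
}

# Subset of Zeek conn.log columns, in the order used in the sample below
# (assumed export layout; a real conn.log has more columns and a header).
CONN_FIELDS = ("ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
               "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state")

# Constructed sample records (not from the sandbox run): a full C2 session,
# a TLS session to an unrelated host, a SYN-only probe to the C2 port,
# and an HTTP connection to the C2 host on a different port.
SAMPLE_CONN_LOG = """\
1731160001.120000\tCk1a2b\t10.0.0.15\t49812\t193.233.20.24\t4123\ttcp\t-\t12.5\t842\t3310\tSF
1731160002.000000\tCk1a2c\t10.0.0.15\t49813\t142.250.74.46\t443\ttcp\tssl\t1.2\t1200\t5000\tSF
1731160003.500000\tCk1a2d\t10.0.0.22\t50231\t193.233.20.24\t4123\ttcp\t-\t0.8\t0\t0\tS0
1731160004.000000\tCk1a2e\t10.0.0.22\t50232\t193.233.20.24\t80\ttcp\thttp\t0.3\t300\t900\tSF
"""


def parse_conn_log(text):
    """Parse tab-separated conn.log lines (Zeek '#' header lines are skipped)."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(CONN_FIELDS):
            continue  # skip truncated or malformed lines rather than crash
        rec = dict(zip(CONN_FIELDS, parts))
        rec["id.resp_p"] = int(rec["id.resp_p"])
        records.append(rec)
    return records


def match_c2(records, ioc):
    """Return one hit per record whose responder is the C2 host.

    confidence is "high" when host and port both match, "medium" when only
    the host matches. A SYN-only state (S0) still counts: the implant tried
    to beacon even if the C2 was down or the egress was blocked.
    """
    hits = []
    for rec in records:
        if rec["id.resp_h"] != ioc["ip"]:
            continue
        full = rec["proto"] == "tcp" and rec["id.resp_p"] == ioc["port"]
        hits.append({
            "uid": rec["uid"],
            "src": rec["id.orig_h"],
            "dst": f'{rec["id.resp_h"]}:{rec["id.resp_p"]}',
            "conn_state": rec["conn_state"],
            "confidence": "high" if full else "medium",
            "note": "SYN only, no reply (C2 down or blocked)" if rec["conn_state"] == "S0" else "",
        })
    return hits


def suricata_rule(ioc, sid):
    """Render a host/port rule for the C2; sid is the caller's local SID."""
    return (f'alert tcp $HOME_NET any -> {ioc["ip"]} {ioc["port"]} '
            f'(msg:"RedLine C2 botnet {ioc["botnet"]}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for hit in match_c2(parse_conn_log(SAMPLE_CONN_LOG), REDLINE_C2):
        print(hit)
    print(suricata_rule(REDLINE_C2, 1000001))
```

The auth_value is carried in the RedLine handshake rather than in connection metadata, so it is kept in the indicator set for payload-level rules but does not take part in the conn.log match.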
Targets

Target: 0bb21344db4901776a9180e959cc3cd5f6f4c63f3a2a58dbf437081c564a5c16
Signatures

- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547), 1 matched: Registry Run Keys / Startup Folder (T1547.001), 1 matched
- Create or Modify System Process (T1543), 1 matched: Windows Service (T1543.003), 1 matched
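The two persistence techniques mapped above, a Run-key entry and a Windows service, are what an analyst would hunt for on other hosts once this sample is confirmed. The following is an added example and not the sandbox's own detection logic: it scans Sysmon Event ID 13 (registry value set) and System-log Event ID 7045 (service installed) records exported as JSON lines, keeps only writes to Run/RunOnce keys and new services, and raises the severity when the autostart target lives in a user-writable directory, which is where droppers like this one place their payloads. The JSON field names follow the Sysmon and 7045 event schemas; the event records themselves, the registry value name and the service name are constructed for the example.

```python
"""Hunt for the persistence techniques listed under MITRE ATT&CK
(Run key T1547.001, service install T1543.003) in Sysmon/System events
exported as JSON lines. Added example, not from the sandbox report."""
import json
import re

# Run/RunOnce under HKLM, HKU\<SID> or the Wow6432Node view; group 1 is the
# key, group 2 the value name the malware chose.
AUTOSTART_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(Run|RunOnce)\\([^\\]+)$", re.IGNORECASE)

# Directories any interactive user can write to without elevation.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\AppData|Users\\Public|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE)

# First token of a command line: a quoted path, or an unquoted path up to
# the first ".exe" so that "C:\Program Files\..." is not cut at the space.
EXE_PATH_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)

# Constructed events (not from the sandbox run): Sysmon EID 13 registry value
# sets and one System-log 7045 service installation, one JSON object per line.
SAMPLE_EVENTS = r"""
{"EventID": 13, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\build.exe", "TargetObject": "HKU\\S-1-5-21-1004\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "\"C:\\Users\\bob\\AppData\\Roaming\\svc\\updater.exe\" -silent"}
{"EventID": 13, "Image": "C:\\Program Files\\Vendor\\setup.exe", "TargetObject": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray", "Details": "C:\\Program Files\\Vendor\\tray.exe"}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1004\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}
{"EventID": 7045, "ServiceName": "WinSvcHelper", "ImagePath": "C:\\ProgramData\\svchelper.exe", "StartType": "auto start"}
"""


def parse_events(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _exe_path(command):
    """Extract the executable path from a Run value or service ImagePath."""
    m = EXE_PATH_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command


def _severity(path):
    return "high" if USER_WRITABLE_RE.search(path) else "low"


def find_persistence(events):
    """Return one finding per autostart write or service install."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 13:
            m = AUTOSTART_KEY_RE.search(ev.get("TargetObject", ""))
            if not m:
                continue  # registry write, but not to an autostart key
            path = _exe_path(ev.get("Details", ""))
            findings.append({
                "technique": "T1547.001", "key": m.group(1), "value": m.group(2),
                "path": path, "severity": _severity(path), "writer": ev.get("Image"),
            })
        elif eid == 7045:
            path = _exe_path(ev.get("ImagePath", ""))
            findings.append({
                "technique": "T1543.003", "service": ev.get("ServiceName"),
                "start": ev.get("StartType"), "path": path, "severity": _severity(path),
            })
    return findings


if __name__ == "__main__":
    for finding in find_persistence(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

Legitimate software also registers Run entries and services, so the severity split matters more than the raw match: the vendor tray entry under Program Files comes back as "low", while the AppData updater and the ProgramData service are the ones worth pivoting on, together with the writing process recorded in the Sysmon Image field.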