General
- Target: a00b69f971f95ed780540b58909cd0adc1f8a5c85aec1a1882a120af86b4c018
- Size: 1.1MB
- Sample: 241109-gzflxsskcr
- MD5: d7c3f25879c5bbfa5a4b0d8a7c1f41e0
- SHA1: af59766602c6e967660034893eea771e797db5eb
- SHA256: a00b69f971f95ed780540b58909cd0adc1f8a5c85aec1a1882a120af86b4c018
- SHA512: a4e59c32209c6a8a049d77575b803dcd8c984b899edbdaf371f4afc3fb0740452ca07bfe5b7f58568b8ea3a9ff2e3854c88e3eb4cd73d89c9068513ec48ecd80
- SSDEEP: 24576:2yhw/Wm3x0kvjP2+OG22t6Y7Y4ORaxZc:FS/Wyx0F+OG22tcRkZ
Static task: static1
Behavioral task: behavioral1
- Sample: a00b69f971f95ed780540b58909cd0adc1f8a5c85aec1a1882a120af86b4c018.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- rumfa
- 193.233.20.24:4123
- auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
- Target: a00b69f971f95ed780540b58909cd0adc1f8a5c85aec1a1882a120af86b4c018
- Size: 1.1MB
- MD5: d7c3f25879c5bbfa5a4b0d8a7c1f41e0
- SHA1: af59766602c6e967660034893eea771e797db5eb
- SHA256: a00b69f971f95ed780540b58909cd0adc1f8a5c85aec1a1882a120af86b4c018
- SHA512: a4e59c32209c6a8a049d77575b803dcd8c984b899edbdaf371f4afc3fb0740452ca07bfe5b7f58568b8ea3a9ff2e3854c88e3eb4cd73d89c9068513ec48ecd80
- SSDEEP: 24576:2yhw/Wm3x0kvjP2+OG22t6Y7Y4ORaxZc:FS/Wyx0F+OG22tcRkZ
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)