General
Target: bd2f2ebbdf686024d93c5e2fbf1da182cb7549c6cf82f6de04ceca76aa746aacN
Size: 1.0MB
Sample: 241109-xne41szerf
MD5: 164399c07a84e784cf2c7d269893d210
SHA1: 1c55b2d73481c554265c5087f69c5c0119acb915
SHA256: bd2f2ebbdf686024d93c5e2fbf1da182cb7549c6cf82f6de04ceca76aa746aac
SHA512: 13b6168b4a5ed69cb1abd29eabf562858d8d4df7b7abf6a1f9dd528ad6c068fc70695b3811ca9b7d12c1fee3db6d78b4f7a5bb63c632b2c53212fbedf77ab49c
SSDEEP: 24576:syrpgWUuWauTv5LC3pTeBH0fBQB6PfYIR3HvjxTByEuE:brpFK35ACUfBnPfb3PjBB
Static task: static1
Behavioral task: behavioral1
Sample: bd2f2ebbdf686024d93c5e2fbf1da182cb7549c6cf82f6de04ceca76aa746aacN.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
  rumfa
  193.233.20.24:4123
  auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
Target: bd2f2ebbdf686024d93c5e2fbf1da182cb7549c6cf82f6de04ceca76aa746aacN
Size: 1.0MB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)