General
- Target: 95c29a03fd30cbc697d526a97a6036bc46c5862706f6225aeca4e74ad5419727
- Size: 530KB
- Sample: 241110-aq9p3swamb
- MD5: 102fbb41c555a8c353a8c642db39f7d5
- SHA1: b44e604333af575f52bb45c64310dabb4e36faf3
- SHA256: 95c29a03fd30cbc697d526a97a6036bc46c5862706f6225aeca4e74ad5419727
- SHA512: b9d5a4c22ac97f3199f1b8f150cc8329fff407e9d1e79bfb5f4555ae80de5401028fa52e93838c54143b5b901294da76b98655204222bea00c1753fb7dfbb94c
- SSDEEP: 12288:0Mrvy90Oz34E9XzahCKxJ+QS7/ACU43tJCs8nywp:7yZz37d+CM+/U43tJNwp
Static task: static1
Behavioral task: behavioral1
- Sample: 95c29a03fd30cbc697d526a97a6036bc46c5862706f6225aeca4e74ad5419727.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: rumfa
- C2: 193.233.20.24:4123
- auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
- Target: 95c29a03fd30cbc697d526a97a6036bc46c5862706f6225aeca4e74ad5419727
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)