General
- Target: dc99e78beba33e9f62a1bc6ffd7296a29eee738f4dd46ee20e99ab927da62453
- Size: 1.1MB
- Sample: 241110-arm8gavhjq
- MD5: b37243b6721d3159cc7bf31e81a7e20b
- SHA1: bfa9b66dfcdfc45fa4bd1eb972cf6fc540e39911
- SHA256: dc99e78beba33e9f62a1bc6ffd7296a29eee738f4dd46ee20e99ab927da62453
- SHA512: effcc08c324d43af860f56b216f4a0c953d841cef3f7f97be474e5260493d65291c9d957b2fc5ecb61068d699ec09809923d1172b457ac6cf17e2238878ae666
- SSDEEP: 24576:UyRy0WE+hWQjtuctxlMAUJiMAbINP2NPNt7sxe/lNLJZ:jRy0W/wQjt9txajsMAbeeJ30e/d
Static task: static1
Behavioral task: behavioral1
Sample: dc99e78beba33e9f62a1bc6ffd7296a29eee738f4dd46ee20e99ab927da62453.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- rumfa
- 193.233.20.24:4123
- auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
- Target: dc99e78beba33e9f62a1bc6ffd7296a29eee738f4dd46ee20e99ab927da62453
- Size: 1.1MB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)