General
Target: 4da71567b07aa12ab34d693d6e965ef965b3bfb010574bd8a0d252a0772c219f
Size: 1.4MB
Sample: 241110-awx88svhrp
MD5: 72bd1a59656096ba51448654bf22a29c
SHA1: 7aeafbec69a689f3df9d34dceec5aa8c8969cbb7
SHA256: 4da71567b07aa12ab34d693d6e965ef965b3bfb010574bd8a0d252a0772c219f
SHA512: b5c2b9d5ad7a658744c99e2bb45726141c287bb1d1593ce73a96956c1b68a303797893200836daa7bd5d1fd4b04fef7d9e9d9bc893a04b1c87139eced1a40910
SSDEEP: 24576:8y6gcQeDfLTWsO1mjJJVa4qREQYCdtsy9EtwVEwISC533:rJcNDfLTBO1mLr6BYCj0tQLISC5
Static task: static1
Behavioral task: behavioral1
Sample: 4da71567b07aa12ab34d693d6e965ef965b3bfb010574bd8a0d252a0772c219f.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
Target: 4da71567b07aa12ab34d693d6e965ef965b3bfb010574bd8a0d252a0772c219f
Size: 1.4MB
MD5: 72bd1a59656096ba51448654bf22a29c
SHA1: 7aeafbec69a689f3df9d34dceec5aa8c8969cbb7
SHA256: 4da71567b07aa12ab34d693d6e965ef965b3bfb010574bd8a0d252a0772c219f
SHA512: b5c2b9d5ad7a658744c99e2bb45726141c287bb1d1593ce73a96956c1b68a303797893200836daa7bd5d1fd4b04fef7d9e9d9bc893a04b1c87139eced1a40910
SSDEEP: 24576:8y6gcQeDfLTWsO1mjJJVa4qREQYCdtsy9EtwVEwISC533:rJcNDfLTBO1mLr6BYCj0tQLISC5
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
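The report gives four file digests and one extracted RedLine C2 endpoint (193.233.20.24:4123), which is exactly the material a responder turns into a hunt. The following script is an added example, not part of the sandbox report: it hashes a candidate file with all four algorithms in one pass and reports which digests match the report, and it scans connection-log lines for traffic to the C2. The connection-log format and the SAMPLE_LOG lines are constructed for the example (not sandbox output); the SSDEEP fuzzy hash is deliberately not recomputed here because it needs a third-party library.

```python
"""IOC checker built from this report's indicators (added example, not report content)."""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "72bd1a59656096ba51448654bf22a29c",
    "sha1": "7aeafbec69a689f3df9d34dceec5aa8c8969cbb7",
    "sha256": "4da71567b07aa12ab34d693d6e965ef965b3bfb010574bd8a0d252a0772c219f",
    "sha512": "b5c2b9d5ad7a658744c99e2bb45726141c287bb1d1593ce73a96956c1b68a303797893200836daa7bd5d1fd4b04fef7d9e9d9bc893a04b1c87139eced1a40910",
}
C2_HOST, C2_PORT = "193.233.20.24", 4123


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute all four report digests over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Single-pass version for large files: every chunk is fed to all four digests."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def matching_algorithms(hashes: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest equals the report value (case-insensitive)."""
    return sorted(name for name, value in hashes.items()
                  if value.lower() == REPORT_HASHES[name])


# Constructed connection-log format (assumption for this example):
# "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
_CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+(?P<proto>\w+)"
)


def c2_connections(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (timestamp, source) for every line whose destination is the report's C2."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        m = _CONN_RE.match(line.strip())
        if m is None:
            continue  # unparseable line: skip it rather than abort the hunt
        if m.group("dst") == C2_HOST and int(m.group("dport")) == C2_PORT:
            hits.append((m.group("ts"), f"{m.group('src')}:{m.group('sport')}"))
    return hits


SAMPLE_LOG = [  # constructed sample lines, not sandbox output
    "2024-11-10T09:12:01Z 10.0.0.5:49812 -> 193.233.20.24:4123 TCP",
    "2024-11-10T09:12:03Z 10.0.0.5:49813 -> 142.250.74.14:443 TCP",
    "2024-11-10T09:12:09Z 10.0.0.7:50231 -> 193.233.20.24:4123 TCP",
    "2024-11-10T09:12:10Z 10.0.0.7:50232 -> 193.233.20.24:80 TCP",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    # An empty buffer matches none of the report digests; a real candidate
    # would be checked with matching_algorithms(hash_file("suspect.exe")).
    print("matches for empty buffer:", matching_algorithms(hash_bytes(b"")))
    for ts, src in c2_connections(SAMPLE_LOG):
        print(f"{ts} {src} contacted RedLine C2 {C2_HOST}:{C2_PORT}")
```

Only a same-IP, same-port connection counts as a C2 hit; the line to 193.233.20.24:80 is reported as a non-match so that the port from the extracted config is honoured rather than blocking on the address alone. Widen the check to the bare address if your environment prefers a coarser block.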
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)