General
Target: d04da2f02bd3b4f90ce3e2def12684d50ca1cb61f228d97bd6e3cda7682b9886
Size: 1.2MB
Sample: 241110-b5m1aswhjj
MD5: 343b47797904e4c7bbbce712089ef8ca
SHA1: d112832df05afda7cd58f45fa05cd02179f91073
SHA256: d04da2f02bd3b4f90ce3e2def12684d50ca1cb61f228d97bd6e3cda7682b9886
SHA512: ed6dd9507f4a92de9a8818508508785978d59eb3ba4bc5b06f1169095a5d7804989e8683a8461953b0e0981ccfabe348a4563c19ae189a6c65beadcb27c36581
SSDEEP: 24576:dyUopVQkwUlpWUk9B85F7Dv6tiuQR+hHNOK7FAHg57xtKLVltc0qtxsSbT:41pBwepWFki57tZmkvyHqV
Static task: static1
Behavioral task: behavioral1
Sample: d04da2f02bd3b4f90ce3e2def12684d50ca1cb61f228d97bd6e3cda7682b9886.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
rumfa
193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
Target: d04da2f02bd3b4f90ce3e2def12684d50ca1cb61f228d97bd6e3cda7682b9886
Size: 1.2MB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1