General
Target: a91f3be86bd116bd709cc52ab28d434229b3bddac35056c3a683179d658e803d
Size: 1.1MB
Sample: 241110-bnr8pavrax
MD5: fd38a9543798508688ebb18d5c6c86fb
SHA1: b67d46bc663a2b115e355a89cc5b17671c75bc28
SHA256: a91f3be86bd116bd709cc52ab28d434229b3bddac35056c3a683179d658e803d
SHA512: 0265eea966305a5250165bc7fc90046417cfe08c5ef9c5e141f2da511ceacf395e878e8736e43fcadb0df1bd84d379b34b5c4b6182de791120d8be8aa03c2aa4
SSDEEP: 24576:9y6/HT5pxJZyNt+biIscmYUL0UJol6dyMMRFzXJIV0B9jN6q:Y6r5pxX6ttPYUL0UJYMczXJ1B
Static task: static1
Behavioral task: behavioral1
Sample: a91f3be86bd116bd709cc52ab28d434229b3bddac35056c3a683179d658e803d.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
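The hashes and the extracted C2 endpoint above are the indicators a responder would actually pivot on. The following is an added example, not part of the sandbox report and not tooling from the sandbox vendor: it embeds the report's digests and C2, checks a file against all four digests at once, and matches connection-log lines against the C2 as a parsed (ip, port) pair rather than a substring. The log format ("ts src:sport -> dst:dport proto") and the log lines themselves are constructed for the example.

```python
import hashlib
import re

# File hashes and C2 transcribed from the sandbox report above.
REPORT_HASHES = {
    "md5": "fd38a9543798508688ebb18d5c6c86fb",
    "sha1": "b67d46bc663a2b115e355a89cc5b17671c75bc28",
    "sha256": "a91f3be86bd116bd709cc52ab28d434229b3bddac35056c3a683179d658e803d",
    "sha512": "0265eea966305a5250165bc7fc90046417cfe08c5ef9c5e141f2da511ceacf395e878e8736e43fcadb0df1bd84d379b34b5c4b6182de791120d8be8aa03c2aa4",
}
REDLINE_C2 = ("193.233.20.24", 4123)  # botnet "rumfa" in the extracted config


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists for a buffer.
    SSDEEP is a fuzzy hash that needs the ssdeep library and is deliberately omitted."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report; one mismatch means a different file."""
    return digests(data) == REPORT_HASHES


# Constructed connection-log lines (not from the report): "ts src:sport -> dst:dport proto".
# Line 2 is a near-miss host (193.233.20.240) and line 3 a different port; neither should fire.
SAMPLE_LOG = """\
2024-11-10T12:00:01Z 10.0.0.15:49712 -> 193.233.20.24:4123 tcp
2024-11-10T12:00:02Z 10.0.0.15:49713 -> 193.233.20.240:4123 tcp
2024-11-10T12:00:03Z 10.0.0.15:49714 -> 193.233.20.24:443 tcp
2024-11-10T12:00:04Z 10.0.0.22:50001 -> 193.233.20.24:4123 tcp
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) (?P<proto>\S+)$"
)


def find_c2_connections(log: str, c2=REDLINE_C2) -> list:
    """Return the hosts that connected to the C2 endpoint.
    Matching is on the parsed (ip, port) tuple, so a substring hit on a longer
    address or on another port of the same host does not count."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not treated as matches
        if (m["dst"], int(m["dport"])) == c2:
            hits.append({"ts": m["ts"], "src": m["src"],
                         "dst": m["dst"], "dport": int(m["dport"])})
    return hits


if __name__ == "__main__":
    for h in find_c2_connections(SAMPLE_LOG):
        print(f"{h['ts']} {h['src']} -> {h['dst']}:{h['dport']} RedLine C2 (rumfa)")
```

Compare all four digests rather than MD5 alone: MD5 and SHA1 collisions are practical, so a single-algorithm match is weak evidence that a file is this sample, while an agreement on SHA256 and SHA512 is not.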
Targets
Target: a91f3be86bd116bd709cc52ab28d434229b3bddac35056c3a683179d658e803d
Size: 1.1MB
MD5: fd38a9543798508688ebb18d5c6c86fb
SHA1: b67d46bc663a2b115e355a89cc5b17671c75bc28
SHA256: a91f3be86bd116bd709cc52ab28d434229b3bddac35056c3a683179d658e803d
SHA512: 0265eea966305a5250165bc7fc90046417cfe08c5ef9c5e141f2da511ceacf395e878e8736e43fcadb0df1bd84d379b34b5c4b6182de791120d8be8aa03c2aa4
SSDEEP: 24576:9y6/HT5pxJZyNt+biIscmYUL0UJol6dyMMRFzXJIV0B9jN6q:Y6r5pxX6ttPYUL0UJYMczXJ1B
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first seen in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1 signature
  - Registry Run Keys / Startup Folder (T1547.001): 1 signature
- Create or Modify System Process (T1543): 1 signature
  - Windows Service (T1543.003): 1 signature
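The two persistence techniques mapped above (a Run key write and a service ImagePath) are what the "Adds Run key to start application" signature and the Healer dropper behaviour leave behind on a host. The following is an added example, not part of the report: it runs a triage check over Sysmon-style registry "value set" events (Event ID 13) and flags Run-key or service entries whose writer or target lives in a user-writable directory, which is where a dropper typically stages its payload. The event line format, the hive paths, the service name and the file paths are all constructed for the example and are not artifacts from this sample.

```python
import re

# Sysmon-style registry events (Event ID 13, value set), constructed for this example.
# The OneDrive line is a benign Run key; the Event ID 1 line is a process create and is ignored.
EVENTS = [
    r"EventID=13 Image=C:\Users\alice\AppData\Local\Temp\dropper.exe "
    r"TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater "
    r"Details=C:\Users\alice\AppData\Roaming\svc\update.exe",
    r"EventID=13 Image=C:\Windows\explorer.exe "
    r"TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive "
    r"Details=C:\Program Files\Microsoft OneDrive\OneDrive.exe /background",
    r"EventID=13 Image=C:\Users\alice\AppData\Local\Temp\dropper.exe "
    r"TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\UpdateSvc\ImagePath "
    r"Details=C:\ProgramData\update.exe",
    r"EventID=1 Image=C:\Users\alice\AppData\Local\Temp\dropper.exe "
    r"CommandLine=dropper.exe",
]

EVENT_RE = re.compile(
    r"^EventID=(?P<id>\d+) Image=(?P<image>.+?) TargetObject=(?P<target>.+?) Details=(?P<details>.*)$"
)
# T1547.001: HKCU/HKU/HKLM ...\CurrentVersion\Run and RunOnce values.
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
# T1543.003: the ImagePath value of a service key.
SERVICE_RE = re.compile(r"\\services\\([^\\]+)\\imagepath$", re.I)

# Directories an unprivileged dropper can write to; autostart entries pointing here are suspect.
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\programdata\\",
)


def in_user_writable(path: str) -> bool:
    """Case-insensitive check of a path (or command line) against the user-writable list."""
    p = path.lower()
    return any(d in p for d in USER_WRITABLE)


def find_persistence(events) -> list:
    """Return one finding per Run-key or service ImagePath write, with an ATT&CK mapping.
    'suspicious' is set when either the writing process or the configured binary
    lives in a user-writable directory."""
    findings = []
    for line in events:
        m = EVENT_RE.match(line)
        if not m or m["id"] != "13":
            continue
        target, details, image = m["target"], m["details"], m["image"]
        if RUN_KEY_RE.search(target):
            technique = "T1547.001 Registry Run Keys / Startup Folder"
        elif SERVICE_RE.search(target):
            technique = "T1543.003 Windows Service"
        else:
            continue  # registry write outside the autostart locations we care about
        findings.append({
            "technique": technique,
            "key": target,
            "value": details,
            "writer": image,
            "suspicious": in_user_writable(details) or in_user_writable(image),
        })
    return findings


if __name__ == "__main__":
    for f in find_persistence(EVENTS):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"[{flag}] {f['technique']}\n  key:    {f['key']}\n  value:  {f['value']}\n  writer: {f['writer']}")
```

The writer path matters as much as the value: a legitimate installer running from Program Files will also create Run keys and services, so keying only on the registry path produces noise, whereas a process in Temp or AppData writing an autostart entry is the pattern a dropper like the one in this report produces.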