General
-
Target
9f50af425d17247d4d3d98131add501fa0982dcb37295df361b44b80866c841c
-
Size
1.2MB
-
Sample
241110-bz9l4swhrf
-
MD5
d1a8ead64a222476165403d3cede9d81
-
SHA1
0795bf8c252a142309afb1e1d65e46a30a216c47
-
SHA256
9f50af425d17247d4d3d98131add501fa0982dcb37295df361b44b80866c841c
-
SHA512
2100e4c7df88d2e14b4c8173b55f113f9157752d91da233306e7bdec00b5d1cdb020b0c1576f8910614a38bf9ce7b3e5b0797d61fc42a5e220a95a650ca8c9ea
-
SSDEEP
24576:tyoG8BjoXj9UEl5NYph2kM4o1guMCYajyV:IH4g9UEpihJMN14Yy
Static task
static1
Behavioral task
behavioral1
Sample
9f50af425d17247d4d3d98131add501fa0982dcb37295df361b44b80866c841c.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rumfa
193.233.20.24:4123
-
auth_value
749d02a6b4ef1fa2ad908e44ec2296dc
Targets
-
-
Target
9f50af425d17247d4d3d98131add501fa0982dcb37295df361b44b80866c841c
-
Size
1.2MB
-
MD5
d1a8ead64a222476165403d3cede9d81
-
SHA1
0795bf8c252a142309afb1e1d65e46a30a216c47
-
SHA256
9f50af425d17247d4d3d98131add501fa0982dcb37295df361b44b80866c841c
-
SHA512
2100e4c7df88d2e14b4c8173b55f113f9157752d91da233306e7bdec00b5d1cdb020b0c1576f8910614a38bf9ce7b3e5b0797d61fc42a5e220a95a650ca8c9ea
-
SSDEEP
24576:tyoG8BjoXj9UEl5NYph2kM4o1guMCYajyV:IH4g9UEpihJMN14Yy
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1