General

- Target: 99571d2f823867703f59e07d5a20b050c371911141173f9a6b5998290b9dca32
- Size: 1.2MB
- Sample: 241110-chcfqaxbln
- MD5: d9f922b355471c5c3d60c9a414c02de3
- SHA1: 7a93ba757ff2030e81f934b365b12dd386e65805
- SHA256: 99571d2f823867703f59e07d5a20b050c371911141173f9a6b5998290b9dca32
- SHA512: c0c901488f9f5eda8d72258a82a235709b9d0a2fffd32a09b36e99785722d44b65d367a94a4984e4286f95bae11ca00c5943cecfa69128e52db1b4c1c639e91c
- SSDEEP: 24576:7yVC7qVjhmq44RJ0q2VlHTGIV2jH4ndVbGhkIBvvEd:uVC7qd/R2Vlz0jH4njGTBHE
- Static task: static1
- Behavioral task: behavioral1
- Sample: 99571d2f823867703f59e07d5a20b050c371911141173f9a6b5998290b9dca32.exe
- Resource: win10v2004-20241007-en

Malware Config (extracted)

- redline
- rumfa
- 193.233.20.24:4123
- auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets

- Target: 99571d2f823867703f59e07d5a20b050c371911141173f9a6b5998290b9dca32
- Size: 1.2MB
- MD5: d9f922b355471c5c3d60c9a414c02de3
- SHA1: 7a93ba757ff2030e81f934b365b12dd386e65805
- SHA256: 99571d2f823867703f59e07d5a20b050c371911141173f9a6b5998290b9dca32
- SHA512: c0c901488f9f5eda8d72258a82a235709b9d0a2fffd32a09b36e99785722d44b65d367a94a4984e4286f95bae11ca00c5943cecfa69128e52db1b4c1c639e91c
- SSDEEP: 24576:7yVC7qVjhmq44RJ0q2VlHTGIV2jH4ndVbGhkIBvvEd:uVC7qd/R2Vlz0jH4njGTBHE

- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)