General

Target: 7bcdf302cd6bf3b585eb45c0a47e7cd71dbb5016d0013d598cf3e738f55dd5f8
Size: 1.1MB
Sample: 241110-d16b7aydpr
MD5: af7fe7fb3bba3b19c0503779c5c9f349
SHA1: 166357dcc4a7a40c7440bcfcfe91292a12d53189
SHA256: 7bcdf302cd6bf3b585eb45c0a47e7cd71dbb5016d0013d598cf3e738f55dd5f8
SHA512: 030b604c747a89a4ef137e0305228810e99eb0fc663b11c12eddd4ef38d8a25735cd929b500faee91e850bb4e7224d15f13f44197fff085eba6cac1ac6b56ef3
SSDEEP: 24576:3ytSO8J6CdZxeg/kQ1J9AlrDSQqzNKMY1jaswzqBl7jahqridz:CtSncCTEgV1JZQfX2swmBlLri
Static task: static1
Behavioral task: behavioral1
  Sample: 7bcdf302cd6bf3b585eb45c0a47e7cd71dbb5016d0013d598cf3e738f55dd5f8.exe
  Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets

Target: 7bcdf302cd6bf3b585eb45c0a47e7cd71dbb5016d0013d598cf3e738f55dd5f8 (the sample listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
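The report's behavioural signatures ("Executes dropped EXE", "Adds Run key to start application"), the extracted RedLine C2 (193.233.20.24:4123) and the two ATT&CK persistence techniques above are exactly what a responder would hunt for on other hosts. The following is an added example and is not part of this report or of any sandbox's own code: it runs a small set of stateful checks over constructed Sysmon-style event records (EventID 1 ProcessCreate, 3 NetworkConnect, 11 FileCreate, 13 RegistryEvent value set) flattened into a Key=Value|Key=Value line format of my own, with hypothetical paths such as C:\Users\victim\AppData\Local\Temp\dropped.exe. The Windows Defender registry check is a generic assumption about how an "antivirus disabler" typically shows up in telemetry, not a statement of what Healer specifically modifies.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

# Indicators copied from the extracted RedLine config in the report above.
C2_IP = "193.233.20.24"
C2_PORT = "4123"

# Registry targets that map to the report's ATT&CK rows (Sysmon EventID 13, "RegistryEvent Value Set").
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
SERVICE_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)
# Generic AV-disabler check: Defender policy/config values being switched off. This is an
# assumption about what such a dropper touches, not a claim about Healer's exact behaviour.
DEFENDER_OFF_RE = re.compile(
    r"Windows Defender\\.*Disable(AntiSpyware|AntiVirus|RealtimeMonitoring)$", re.IGNORECASE)


@dataclass
class Finding:
    label: str      # report signature or ATT&CK technique the event maps to
    event_id: int
    evidence: str


@dataclass
class Hunter:
    """Stateful pass over events: executables seen being written (EventID 11) are remembered so
    that a later ProcessCreate (EventID 1) of the same path is reported as 'Executes dropped EXE'."""
    dropped: set = field(default_factory=set)

    def check(self, ev: Dict[str, str]) -> Optional[Finding]:
        eid = int(ev.get("EventID", "0"))
        image = ev.get("Image", "")
        if eid == 11:  # FileCreate: remember every .exe written to disk
            target = ev.get("TargetFilename", "")
            if target.lower().endswith(".exe"):
                self.dropped.add(target.lower())
        elif eid == 1 and image.lower() in self.dropped:  # ProcessCreate of a file we saw dropped
            return Finding("Executes dropped EXE", eid, f"{ev.get('ParentImage', '?')} -> {image}")
        elif eid == 13:  # RegistryEvent (Value Set)
            key, value = ev.get("TargetObject", ""), ev.get("Details", "")
            if RUN_KEY_RE.search(key):
                return Finding("T1547.001 Registry Run Keys / Startup Folder", eid, f"{key} = {value}")
            if SERVICE_RE.search(key):
                return Finding("T1543.003 Windows Service", eid, f"{key} = {value}")
            # Sysmon renders DWORD data as "DWORD (0x00000001)"; treat 1 as "disabled".
            if DEFENDER_OFF_RE.search(key) and value.strip().lower() in ("dword (0x00000001)", "1"):
                return Finding("Antivirus disabled via registry", eid, f"{key} = {value}")
        elif eid == 3 and ev.get("DestinationIp") == C2_IP and ev.get("DestinationPort") == C2_PORT:
            return Finding("RedLine C2 (botnet 'rumfa')", eid, f"{image} -> {C2_IP}:{C2_PORT}")
        return None


def parse_event(line: str) -> Dict[str, str]:
    """One record per line as 'Key=Value|Key=Value' (a constructed flat format, not Sysmon's XML)."""
    return dict(pair.split("=", 1) for pair in line.strip().split("|") if "=" in pair)


def hunt(lines: Iterable[str]) -> List[Finding]:
    """Run every record through one Hunter in order (order matters for the dropped-file state)."""
    hunter = Hunter()
    return [f for f in (hunter.check(parse_event(line)) for line in lines if line.strip()) if f]


# Constructed telemetry for a host running the sample; paths are hypothetical.
SAMPLE_EVENTS = r"""
EventID=1|Image=C:\Users\victim\Downloads\7bcdf302cd6bf3b585eb45c0a47e7cd71dbb5016d0013d598cf3e738f55dd5f8.exe|ParentImage=C:\Windows\explorer.exe
EventID=11|Image=C:\Users\victim\Downloads\7bcdf302cd6bf3b585eb45c0a47e7cd71dbb5016d0013d598cf3e738f55dd5f8.exe|TargetFilename=C:\Users\victim\AppData\Local\Temp\dropped.exe
EventID=1|Image=C:\Users\victim\AppData\Local\Temp\dropped.exe|ParentImage=C:\Users\victim\Downloads\7bcdf302cd6bf3b585eb45c0a47e7cd71dbb5016d0013d598cf3e738f55dd5f8.exe
EventID=13|Image=C:\Users\victim\AppData\Local\Temp\dropped.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\dropped|Details=C:\Users\victim\AppData\Local\Temp\dropped.exe
EventID=13|Image=C:\Users\victim\AppData\Local\Temp\dropped.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware|Details=DWORD (0x00000001)
EventID=3|Image=C:\Users\victim\AppData\Local\Temp\dropped.exe|DestinationIp=193.233.20.24|DestinationPort=4123|Protocol=tcp
EventID=3|Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationIp=192.0.2.10|DestinationPort=443|Protocol=tcp
""".strip().splitlines()


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[EventID {f.event_id}] {f.label}: {f.evidence}")
```

Two design choices worth noting. The Run-key rule fires on any value written under Run/RunOnce rather than only on the sample's own path, because the dropped file name changes between runs while the persistence location does not; triage the hits by whether Details points into a user-writable directory. The dropped-EXE correlation is why the records must be fed in chronological order: the same ProcessCreate seen before its FileCreate would not be flagged.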