General
-
Target
949f37d21480a7610124a062131a0ee8771786ff435335e98872dd12082be487
-
Size
543KB
-
Sample
241110-dg9v9s1mej
-
MD5
3b3c407e27aef897230db7ad78673e71
-
SHA1
4fe630fe3b1962e7b7a5927cf912715023c0fe3f
-
SHA256
949f37d21480a7610124a062131a0ee8771786ff435335e98872dd12082be487
-
SHA512
35ca1a075a253b845ad798d02b4b539e84ea939e24d9881bf2be4d52f739e406352260d4cbc582510855867d339d1e4e9a03a198d3c90c916c8d1d2ffa5ca2e1
-
SSDEEP
12288:3Mrky90jC2XJvoV9VLTD2fIcPWnmixiE30UtDZwjRO8+9ReluB:/ysZoDVKfZwxD0QwFX+f
Static task
static1
Behavioral task
behavioral1
Sample
949f37d21480a7610124a062131a0ee8771786ff435335e98872dd12082be487.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rumfa
193.233.20.24:4123
-
auth_value
749d02a6b4ef1fa2ad908e44ec2296dc
Targets
-
-
Target
949f37d21480a7610124a062131a0ee8771786ff435335e98872dd12082be487
-
Size
543KB
-
MD5
3b3c407e27aef897230db7ad78673e71
-
SHA1
4fe630fe3b1962e7b7a5927cf912715023c0fe3f
-
SHA256
949f37d21480a7610124a062131a0ee8771786ff435335e98872dd12082be487
-
SHA512
35ca1a075a253b845ad798d02b4b539e84ea939e24d9881bf2be4d52f739e406352260d4cbc582510855867d339d1e4e9a03a198d3c90c916c8d1d2ffa5ca2e1
-
SSDEEP
12288:3Mrky90jC2XJvoV9VLTD2fIcPWnmixiE30UtDZwjRO8+9ReluB:/ysZoDVKfZwxD0QwFX+f
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1