General
- Target: 880b879509fd3f3d8576d99395ddd5ab25a2fee538106a2df4f410d8d9375ece
- Size: 543KB
- Sample: 241110-dmebjs1nck
- MD5: a4bb821b74275c6b4da3df36b509797d
- SHA1: 51454eb93f3dba90b54b88bfd1feb6b050acd297
- SHA256: 880b879509fd3f3d8576d99395ddd5ab25a2fee538106a2df4f410d8d9375ece
- SHA512: 73f507b14f2ee03594eb75ba9338ed5ab34e53e369348d6ac2b5ff3c7010cc70170850378e95a508a73764cc81574becfb71b4664471cbbbe451530918e0fa03
- SSDEEP: 12288:6Mrgy90ESG2yYkEJyyGrYM29Ny3QGQeTqF:6yLSGPEJyyGrYHe13T+
Static task: static1
Behavioral task: behavioral1
- Sample: 880b879509fd3f3d8576d99395ddd5ab25a2fee538106a2df4f410d8d9375ece.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- rumfa
- 193.233.20.24:4123
- auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
- Target: 880b879509fd3f3d8576d99395ddd5ab25a2fee538106a2df4f410d8d9375ece
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)