General
-
Target
197244ca88dfa25b25eafe796fa81679554dd3562ad0d07224b669438ebf99a5
-
Size
1.4MB
-
Sample
241110-dmtfga1ncq
-
MD5
661f688c0b884f01ddfe7f46a3bc237f
-
SHA1
de9f3917bb68bb8ff76302ed4d7294d60618e8c6
-
SHA256
197244ca88dfa25b25eafe796fa81679554dd3562ad0d07224b669438ebf99a5
-
SHA512
c18bfe84f417045a131b694732a48062b98979e223b11da00abc36e457499c241db0498c852b56768c081be45f9ccb54c73b3f777f34c0a17f0b80cff69a60bd
-
SSDEEP
24576:GyGgh/VmChpl1CWlsntM1bWJHmE4v/reY2nz5LyicUO6N+HQrEYTPepwrl+F:V//1hplnlstM1bW4Pv/rehzJyii+Y+7Q
Static task
static1
Behavioral task
behavioral1
Sample
197244ca88dfa25b25eafe796fa81679554dd3562ad0d07224b669438ebf99a5.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rumfa
193.233.20.24:4123
-
auth_value
749d02a6b4ef1fa2ad908e44ec2296dc
Targets
-
-
Target
197244ca88dfa25b25eafe796fa81679554dd3562ad0d07224b669438ebf99a5
-
Size
1.4MB
-
MD5
661f688c0b884f01ddfe7f46a3bc237f
-
SHA1
de9f3917bb68bb8ff76302ed4d7294d60618e8c6
-
SHA256
197244ca88dfa25b25eafe796fa81679554dd3562ad0d07224b669438ebf99a5
-
SHA512
c18bfe84f417045a131b694732a48062b98979e223b11da00abc36e457499c241db0498c852b56768c081be45f9ccb54c73b3f777f34c0a17f0b80cff69a60bd
-
SSDEEP
24576:GyGgh/VmChpl1CWlsntM1bWJHmE4v/reY2nz5LyicUO6N+HQrEYTPepwrl+F:V//1hplnlstM1bW4Pv/rehzJyii+Y+7Q
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1