General

Target: f58760de2a1df533d7d1ea06eaeaa84d1a27c8b3beaa49ab192cefdc1e344903
Size: 547KB
Sample: 241110-dv6e1a1phj
MD5: 61ebd395a528beff71ce10afbf990737
SHA1: a330852935edd4a73424281f9e4d40520cda01c0
SHA256: f58760de2a1df533d7d1ea06eaeaa84d1a27c8b3beaa49ab192cefdc1e344903
SHA512: 05bf3851b7d89b01b963a0dc400c93b42743f7a23d490a9c7e8e2dfb8ca687f4b2ee9fd39590be8da0f45725d86c6e630c855ff35cfef35d4d570997f0a5cae0
SSDEEP: 12288:vMriy90uK99zIQ5Q78qr8H18VAPBREWanKteQE3iy64bCD:dy49E3r+hREbnK07Soa

Static task: static1
Behavioral task: behavioral1
Sample: f58760de2a1df533d7d1ea06eaeaa84d1a27c8b3beaa49ab192cefdc1e344903.exe
Resource: win10v2004-20241007-en

Malware Config (extracted)

Family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets

Target: f58760de2a1df533d7d1ea06eaeaa84d1a27c8b3beaa49ab192cefdc1e344903
Signatures

- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)