General

Target: 4e15051bded00f55e7e11c08e4e27bc5ed22f1ac197fbe8d577559ff83e569f5
Size: 547KB
Sample: 241110-dwyfsayenb
MD5: 18d7bffcf47c81ac650dec0d0f676917
SHA1: acd7b783d25c89d976e5dbdde1f963b7e8652060
SHA256: 4e15051bded00f55e7e11c08e4e27bc5ed22f1ac197fbe8d577559ff83e569f5
SHA512: daedafda474e2cf9edc67624fabc0fe7b955296f04558a0de08132ae439d9fd7b44297cdc99b3514fce9e0e2f240fa25fe1454b31e182a5baaad7559527b928d
SSDEEP: 12288:IMrIy90IzLv4pmPsCH9jQMCUQLfIq+Xh:wyUCFQv3c
Static task: static1
Behavioral task: behavioral1
Sample: 4e15051bded00f55e7e11c08e4e27bc5ed22f1ac197fbe8d577559ff83e569f5.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
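The extracted config and hash fields are only useful once they are turned into something a detection pipeline can match. The Python below is an added example by the editor, not part of the sandbox report or of any vendor tooling: it builds IOC sets from the C2 endpoint (193.233.20.24:4123), the botnet name (rumfa), the auth_value and the file hashes listed above, then runs them over constructed Zeek-style connection records, constructed Sysmon-style process records, and a constructed byte blob. Every log line, internal IP, path and the blob are made up for illustration; the strict/loose C2 matching flag and the UTF-16LE string check (RedLine is a .NET binary, so its string literals are stored as UTF-16LE) are the editor's design choices.

```python
import re
from dataclasses import dataclass, field

# Values copied from the report: extracted RedLine config and the sample's hashes.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "rumfa",
    "c2": "193.233.20.24:4123",
    "auth_value": "749d02a6b4ef1fa2ad908e44ec2296dc",
}
SAMPLE_HASHES = {
    "md5": "18d7bffcf47c81ac650dec0d0f676917",
    "sha1": "acd7b783d25c89d976e5dbdde1f963b7e8652060",
    "sha256": "4e15051bded00f55e7e11c08e4e27bc5ed22f1ac197fbe8d577559ff83e569f5",
}


@dataclass
class IocSet:
    c2_endpoints: set = field(default_factory=set)  # (host, port) tuples
    c2_hosts: set = field(default_factory=set)      # host only, for looser matching
    hashes: set = field(default_factory=set)        # lowercase hex digests
    strings: set = field(default_factory=set)       # config strings worth hunting in memory


def iocs_from_config(config, hashes):
    """Turn the extracted config and hash fields into matchable IOC sets."""
    host, port = config["c2"].rsplit(":", 1)
    ioc = IocSet()
    ioc.c2_endpoints.add((host, int(port)))
    ioc.c2_hosts.add(host)
    ioc.hashes.update(h.lower() for h in hashes.values())
    ioc.strings.update({config["botnet"], config["auth_value"]})
    return ioc


# Constructed Zeek conn.log-style lines (ts src sport dst dport proto); not a real capture.
CONN_LOG = """\
1731254401.118 10.0.0.15 49812 193.233.20.24 4123 tcp
1731254402.301 10.0.0.15 49813 13.107.42.14 443 tcp
1731254403.905 10.0.0.22 51022 193.233.20.24 443 tcp
1731254409.410 10.0.0.15 49814 193.233.20.24 4123 tcp
"""

# Constructed Sysmon Event ID 1 style lines; Sysmon writes digests in upper case.
PROC_LOG = """\
Image: C:\\Users\\victim\\Downloads\\invoice.exe Hashes: MD5=18D7BFFCF47C81AC650DEC0D0F676917,SHA256=4E15051BDED00F55E7E11C08E4E27BC5ED22F1AC197FBE8D577559FF83E569F5
Image: C:\\Windows\\System32\\svchost.exe Hashes: MD5=00000000000000000000000000000000,SHA256=1111111111111111111111111111111111111111111111111111111111111111
"""


def match_connections(ioc, log_text, strict=True):
    """Return (src, dst, dport) for lines that reach the C2.

    strict=True requires host AND port (fewer false positives); strict=False
    matches the host on any port, which catches a C2 that rotates ports but
    also flags unrelated traffic to a shared host.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue
        src, dst, dport = parts[1], parts[3], int(parts[4])
        if (dst, dport) in ioc.c2_endpoints or (not strict and dst in ioc.c2_hosts):
            hits.append((src, dst, dport))
    return hits


HASH_RE = re.compile(r"\b(MD5|SHA1|SHA256)=([0-9A-Fa-f]+)")


def match_process_hashes(ioc, log_text):
    """Return (algorithm, digest) pairs whose digest is in the IOC set (case-insensitive)."""
    hits = []
    for line in log_text.splitlines():
        for algo, digest in HASH_RE.findall(line):
            if digest.lower() in ioc.hashes:
                hits.append((algo, digest.lower()))
    return hits


def find_config_strings(ioc, blob):
    """Scan a file or memory blob for the config strings in both encodings.

    .NET string literals live in the #US heap as UTF-16LE, so an ASCII-only
    scan misses them in the binary itself; in a decrypted buffer or a memory
    dump they may appear either way, hence both encodings are checked.
    """
    found = []
    for s in sorted(ioc.strings):
        for enc in ("ascii", "utf-16-le"):
            if s.encode(enc) in blob:
                found.append((s, enc))
    return found


# Constructed blob: botnet name as UTF-16LE, auth_value as ASCII, plus filler bytes.
FAKE_DUMP = b"\x00MZ" + "rumfa".encode("utf-16-le") + b"\x00" * 8 + b"749d02a6b4ef1fa2ad908e44ec2296dc"

if __name__ == "__main__":
    ioc = iocs_from_config(REDLINE_CONFIG, SAMPLE_HASHES)
    print(match_connections(ioc, CONN_LOG))
    print(match_process_hashes(ioc, PROC_LOG))
    print(find_config_strings(ioc, FAKE_DUMP))
```

Match on host and port by default: the loose mode exists for hunting, but a bare IP rule against a host that also serves legitimate traffic is how an IOC feed ends up full of noise.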
Targets

Target: 4e15051bded00f55e7e11c08e4e27bc5ed22f1ac197fbe8d577559ff83e569f5
Size: 547KB
MD5: 18d7bffcf47c81ac650dec0d0f676917
SHA1: acd7b783d25c89d976e5dbdde1f963b7e8652060
SHA256: 4e15051bded00f55e7e11c08e4e27bc5ed22f1ac197fbe8d577559ff83e569f5
SHA512: daedafda474e2cf9edc67624fabc0fe7b955296f04558a0de08132ae439d9fd7b44297cdc99b3514fce9e0e2f240fa25fe1454b31e182a5baaad7559527b928d
SSDEEP: 12288:IMrIy90IzLv4pmPsCH9jQMCUQLfIq+Xh:wyUCFQv3c
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
- Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
- Windows Service (T1543.003): 1
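The two persistence sub-techniques the report maps, a Run key write and a Windows service install, are what an endpoint detection would key on. The Python below is an added example by the editor, not part of the sandbox report: it parses constructed Sysmon Event ID 13 (registry value set) and System log 7045 (service installed) records flattened to key=value form, emits one finding per Run/RunOnce value or service, tags each with its ATT&CK ID, and marks as suspicious any whose binary lives in a user-writable location. The event lines, SID, service names and paths are made up; the user-writable path list and the key=value layout are the editor's assumptions about how such telemetry would be exported.

```python
import re

# ATT&CK IDs for the two persistence sub-techniques listed in the report.
RUN_KEY = ("T1547.001", "Registry Run Keys / Startup Folder")
SERVICE = ("T1543.003", "Windows Service")

# Locations an unprivileged dropper can write to; a Run value or service
# binary here is far more suspicious than one under System32 (editor's list).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\", "\\public\\")

RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\", re.IGNORECASE)
EXE_RE = re.compile(r'^"?([^"]+?\.exe)', re.IGNORECASE)

# Constructed records, not real telemetry: Sysmon Event ID 13 and System 7045
# flattened to key=value pairs; ImagePath/Details may contain spaces and quotes.
EVENTS = """\
EventID=13 TargetObject=HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater Details=C:\\Users\\victim\\AppData\\Roaming\\updater.exe
EventID=13 TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth Details=C:\\Windows\\System32\\SecurityHealthSystray.exe
EventID=13 TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Details=explorer.exe
EventID=7045 ServiceName=WinSvcUpd ImagePath="C:\\ProgramData\\svc\\host.exe" --install
EventID=7045 ServiceName=wuauserv ImagePath=C:\\Windows\\System32\\svchost.exe -k netsvcs
"""


def _field(line, name, greedy=False):
    """Extract key=value; greedy fields (paths with arguments) run to end of line."""
    pattern = rf"\b{name}=(.*)$" if greedy else rf"\b{name}=(\S+)"
    m = re.search(pattern, line)
    return m.group(1) if m else None


def _image_path(value):
    """Reduce a command line such as '"C:\\x\\a.exe" --flag' to the executable path."""
    m = EXE_RE.match(value.strip())
    return m.group(1) if m else value.strip()


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def detect_persistence(log_text):
    """Return one finding per Run/RunOnce value write or service install."""
    findings = []
    for line in log_text.splitlines():
        event_id = _field(line, "EventID")
        if event_id == "13":
            target = _field(line, "TargetObject")
            if not target or not RUN_KEY_RE.search(target):
                continue  # registry write, but not an autostart location
            image = _image_path(_field(line, "Details", greedy=True) or "")
            technique, name = RUN_KEY, target.rsplit("\\", 1)[-1]
        elif event_id == "7045":
            image = _image_path(_field(line, "ImagePath", greedy=True) or "")
            technique, name = SERVICE, _field(line, "ServiceName")
        else:
            continue
        findings.append({
            "technique_id": technique[0],
            "technique": technique[1],
            "name": name,
            "image": image,
            "suspicious": is_user_writable(image),
        })
    return findings


if __name__ == "__main__":
    for finding in detect_persistence(EVENTS):
        print(finding)
```

Every autostart write is recorded, as the sandbox signature does, but only those pointing into user-writable paths are marked suspicious; SecurityHealthSystray.exe in System32 is exactly the kind of benign Run value that a path-blind rule would page on.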