General
- Target: 09dc8ecfb83082d8048e479535a3f24aa192dd1e2d6ef76539984245e167084a
- Size: 1.1MB
- Sample: 241110-eavcnsyhlb
- MD5: 0b483b91d098990f2d01165885b70593
- SHA1: 0d11d700c0e5be6f533024fb4c17a3fdd769b71d
- SHA256: 09dc8ecfb83082d8048e479535a3f24aa192dd1e2d6ef76539984245e167084a
- SHA512: c9ce22c3ffbb5d3ee21ddac31f740c836fa85f9c9a05642b0f3f5fc1874fe7df6f8dee3c410149d541a9a88a41b32425a9b67b853609e0ddd0be5243149707bb
- SSDEEP: 24576:9yZbGXN1VfMsu4DVVkXakrpy0+vFWDbqaAE4roR9i47HU:YZbG91Ksu4DVVSacynFWDt
Static task: static1
Behavioral task: behavioral1
- Sample: 09dc8ecfb83082d8048e479535a3f24aa192dd1e2d6ef76539984245e167084a.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- rumfa
- 193.233.20.24:4123
- auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
- Target: 09dc8ecfb83082d8048e479535a3f24aa192dd1e2d6ef76539984245e167084a
- Size: 1.1MB
- MD5: 0b483b91d098990f2d01165885b70593
- SHA1: 0d11d700c0e5be6f533024fb4c17a3fdd769b71d
- SHA256: 09dc8ecfb83082d8048e479535a3f24aa192dd1e2d6ef76539984245e167084a
- SHA512: c9ce22c3ffbb5d3ee21ddac31f740c836fa85f9c9a05642b0f3f5fc1874fe7df6f8dee3c410149d541a9a88a41b32425a9b67b853609e0ddd0be5243149707bb
- SSDEEP: 24576:9yZbGXN1VfMsu4DVVkXakrpy0+vFWDbqaAE4roR9i47HU:YZbG91Ksu4DVVSacynFWDt
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)