General
-
Target
786135b1a60b9e7f2b3f762d9f7e577bd3c2f7291275616ab5242722965b3899
-
Size
540KB
-
Sample
241110-gf7w3atpdl
-
MD5
add4034b0bf514372860318124df6ac4
-
SHA1
7bae189860c790fbae4f46f4fdad902bebb50c2c
-
SHA256
786135b1a60b9e7f2b3f762d9f7e577bd3c2f7291275616ab5242722965b3899
-
SHA512
efbd0efb0b8f047d7c0819a526ae16f7e733ba0a374eff6e5fdea40d64f5f073f1c4452c48fd3fb5749cf820d84057fe4228adc5add7e2794ab09e42a642c427
-
SSDEEP
12288:OMrpy905IC+O1y1trDtB9A9ioPn+ISpFt4QP:XyaIc1y1trZB9A9PtkwG
Static task
static1
Behavioral task
behavioral1
Sample
786135b1a60b9e7f2b3f762d9f7e577bd3c2f7291275616ab5242722965b3899.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
ruma
193.233.20.13:4136
-
auth_value
647d00dfaba082a4a30f383bca5d1a2a
Targets
-
Target
786135b1a60b9e7f2b3f762d9f7e577bd3c2f7291275616ab5242722965b3899
-
Size
540KB
-
MD5
add4034b0bf514372860318124df6ac4
-
SHA1
7bae189860c790fbae4f46f4fdad902bebb50c2c
-
SHA256
786135b1a60b9e7f2b3f762d9f7e577bd3c2f7291275616ab5242722965b3899
-
SHA512
efbd0efb0b8f047d7c0819a526ae16f7e733ba0a374eff6e5fdea40d64f5f073f1c4452c48fd3fb5749cf820d84057fe4228adc5add7e2794ab09e42a642c427
-
SSDEEP
12288:OMrpy905IC+O1y1trDtB9A9ioPn+ISpFt4QP:XyaIc1y1trZB9A9PtkwG
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)