General
-
Target
4ab2385be2aafd4870224276d8d6a86271c3be57ce7467266883a1a3feedc601
-
Size
557KB
-
Sample
241110-gxydys1frf
-
MD5
1382f20e1a1dc86783a7cb85ccd1358c
-
SHA1
547175c9642d9cafed2f18ea26002328ff5a4a6e
-
SHA256
4ab2385be2aafd4870224276d8d6a86271c3be57ce7467266883a1a3feedc601
-
SHA512
f2e47bd4a29d8314503e7748a001ff3aeaf9a32d1ac55f4887f8afedb365b571643ab1369cf86b9472bd9a3402359328abf72fe3b1968a060c1baf86ff97713d
-
SSDEEP
12288:7Mr6y908ws4RA9ZDP6qO74fPi48JfVfSp2wrJa3y:FyiHuPDP6L+8NhSp2wrJGy
Static task
static1
Behavioral task
behavioral1
Sample
4ab2385be2aafd4870224276d8d6a86271c3be57ce7467266883a1a3feedc601.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
ruma
193.233.20.13:4136
-
auth_value
647d00dfaba082a4a30f383bca5d1a2a
Targets
-
-
Target
4ab2385be2aafd4870224276d8d6a86271c3be57ce7467266883a1a3feedc601
-
Size
557KB
-
MD5
1382f20e1a1dc86783a7cb85ccd1358c
-
SHA1
547175c9642d9cafed2f18ea26002328ff5a4a6e
-
SHA256
4ab2385be2aafd4870224276d8d6a86271c3be57ce7467266883a1a3feedc601
-
SHA512
f2e47bd4a29d8314503e7748a001ff3aeaf9a32d1ac55f4887f8afedb365b571643ab1369cf86b9472bd9a3402359328abf72fe3b1968a060c1baf86ff97713d
-
SSDEEP
12288:7Mr6y908ws4RA9ZDP6qO74fPi48JfVfSp2wrJa3y:FyiHuPDP6L+8NhSp2wrJGy
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1