General
Target: ebb0797f524529a57c7cf86189afbe7d61245545d2c88ae1c02eaadfbc79e098
Size: 539KB
Sample: 241110-h8elnasdjl
MD5: 1c567efb98454c60824115ac1959fb50
SHA1: 35cac4daa87a773807f0640c58f9e273a63ade98
SHA256: ebb0797f524529a57c7cf86189afbe7d61245545d2c88ae1c02eaadfbc79e098
SHA512: 27c64cbd5f6a182d94c95ff831129b595ae749239ff83e35c09af647f1e788841aed685cd75cc81aed3a53f919bacf63580af129eac0bb3fb212a6e7f59e9c24
SSDEEP: 12288:YMrty90wgCSCpVTTafqRq/e9HHie6A17Nu1hQM:FyCC7VXnce1Z6A172hL
Static task: static1
Behavioral task: behavioral1
Sample: ebb0797f524529a57c7cf86189afbe7d61245545d2c88ae1c02eaadfbc79e098.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: ruma
C2: 193.233.20.13:4136
auth_value: 647d00dfaba082a4a30f383bca5d1a2a
Targets
Target: ebb0797f524529a57c7cf86189afbe7d61245545d2c88ae1c02eaadfbc79e098 (539KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020.
RedLine payload
RedLine family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
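The file hashes and extracted C2 endpoint above, together with the "Adds Run key to start application" behaviour, map directly onto host telemetry. The Python below is an added example and is not part of the sandbox report or of any vendor tooling: it parses a subset of the report text reproduced from this page, validates the hashes, and runs the resulting IOCs over constructed Sysmon-style events (Event IDs 1, 3 and 13 field names). The event contents, the victim paths and the `Updater` Run-key value are constructed for the example; `parse_report` and `match_events` are names chosen here.

```python
"""Turn this report's IOCs into detection logic and run it over Sysmon-style
events. Added example: not part of the sandbox report or any vendor tooling.
Assumptions: the report text uses the flattened "Key / value / -" layout seen
above; events are dicts carrying the fields of Sysmon Event IDs 1, 3 and 13.
"""
import re

# Subset of the report text above, reproduced here so the parser runs offline.
REPORT = """General
-
Target
ebb0797f524529a57c7cf86189afbe7d61245545d2c88ae1c02eaadfbc79e098
-
MD5
1c567efb98454c60824115ac1959fb50
-
SHA1
35cac4daa87a773807f0640c58f9e273a63ade98
-
SHA256
ebb0797f524529a57c7cf86189afbe7d61245545d2c88ae1c02eaadfbc79e098
Malware Config
Extracted
redline
ruma
193.233.20.13:4136
-
auth_value
647d00dfaba082a4a30f383bca5d1a2a
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64}   # hex digits per algorithm
C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\",
                        re.IGNORECASE)


def parse_report(text):
    """Extract validated file hashes and the C2 endpoint from the report text.

    Each hash is checked for length and hex charset, so a mis-paired key/value
    (an extraction artifact) is rejected rather than becoming a bad IOC.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    iocs = {"hashes": {}, "c2": None}
    for key, value in zip(lines, lines[1:]):
        if key in HASH_LEN and re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[key], value):
            iocs["hashes"][key] = value
        m = C2_RE.match(value)
        if m and iocs["c2"] is None:
            iocs["c2"] = (m.group(1), int(m.group(2)))
    return iocs


def parse_sysmon_hashes(field):
    """Sysmon's Hashes field ('SHA1=..,MD5=..,SHA256=..') -> {algo: digest}."""
    return dict(part.split("=", 1) for part in field.split(",") if "=" in part)


def match_events(iocs, events):
    """Return (event index, reason) for every event matching an IOC or the
    Run-key persistence behaviour the report attributes to the sample."""
    hits = []
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        if eid == 1:  # process creation: compare each hash Sysmon recorded
            seen = {k: v.lower() for k, v in parse_sysmon_hashes(ev.get("Hashes", "")).items()}
            for algo, digest in iocs["hashes"].items():
                if seen.get(algo) == digest.lower():
                    hits.append((i, "known sample, %s match" % algo))
                    break
        elif eid == 3 and iocs["c2"]:  # outbound connection to the extracted C2
            dst = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
            if dst == iocs["c2"]:
                hits.append((i, "connection to RedLine C2 %s:%d" % iocs["c2"]))
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append((i, "Run key persistence: " + ev["TargetObject"]))
    return hits


# Constructed path for the sample; the file name is the one in the report.
SAMPLE = r"C:\Users\victim\Downloads\ebb0797f524529a57c7cf86189afbe7d61245545d2c88ae1c02eaadfbc79e098.exe"

# Constructed events (not from the sandbox run) using Sysmon field names.
EVENTS = [
    {"EventID": 1, "Image": SAMPLE,
     "Hashes": "SHA1=35cac4daa87a773807f0640c58f9e273a63ade98,"
               "MD5=1c567efb98454c60824115ac1959fb50,"
               "SHA256=ebb0797f524529a57c7cf86189afbe7d61245545d2c88ae1c02eaadfbc79e098"},
    {"EventID": 3, "Image": SAMPLE,
     "DestinationIp": "193.233.20.13", "DestinationPort": "4136"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",   # benign noise
     "DestinationIp": "203.0.113.10", "DestinationPort": "443"},  # documentation range
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater.exe"},
]

if __name__ == "__main__":
    for idx, reason in match_events(parse_report(REPORT), EVENTS):
        print("event %d: %s" % (idx, reason))
```

The hash and C2 matches are the high-confidence signals; the Run-key rule fires on any autorun entry, including legitimate software, so in production it should be scoped to the image that wrote the key or combined with the other two. Hashes change with every build of the stealer and C2 endpoints rotate, which is why the report also records an SSDEEP value and behavioural signatures rather than exact hashes alone.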