General
-
Target
04ce0a74ab3d112b1d96c787466203cb9324ca3a749977dd2e53eb2c971092e7
-
Size
539KB
-
Sample
241110-js6wmssgjq
-
MD5
ac8c1802601c9127fbe4d98dc546393f
-
SHA1
221fd03727ee4f8050c3f9bdc40544b37b0362cd
-
SHA256
04ce0a74ab3d112b1d96c787466203cb9324ca3a749977dd2e53eb2c971092e7
-
SHA512
492253e0f9b2f14bf0baa58154efe571722577b75ec59a7dca25ac462f3661d5aa2b4a6b6faae0f8c80c359e7407ea1667a4f999375911de7d6d6775524224b2
-
SSDEEP
12288:mMrty90sz5jUVSqeExgAYcPXGeyw32axGHE3gk6kVNe:DyBz69FGAbzdSkhe
Static task
static1
Behavioral task
behavioral1
Sample
04ce0a74ab3d112b1d96c787466203cb9324ca3a749977dd2e53eb2c971092e7.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
ruma
193.233.20.13:4136
-
auth_value
647d00dfaba082a4a30f383bca5d1a2a
Targets
-
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)