General
Target: d0f4015a7a544246dbbf62db6010730ab51cf0afd99e8525e7f91c0ac1f5e296
Size: 539KB
Sample: 241110-rjbcdaxpdy
MD5: 48c39a24ac0828411abeb06b2140f228
SHA1: 01d14546aa0c45b0ffef12d7c30c60f8349ffb3d
SHA256: d0f4015a7a544246dbbf62db6010730ab51cf0afd99e8525e7f91c0ac1f5e296
SHA512: 10811883419a174a917adc018ec6b1666fdccadf90596fd141afb4ce6feb9b154dbe1d5ca76f4e24c0f95883cd2b09b7ac345690e3352c7ce154cc0649a05965
SSDEEP: 12288:IMrIy90i+1LIcHod8rUuKRVqMe9HiBe6A17p/RHh9:Qyx8toW2RZe1V6A17p/RB9
Static task: static1
Behavioral task: behavioral1
Sample: d0f4015a7a544246dbbf62db6010730ab51cf0afd99e8525e7f91c0ac1f5e296.exe
Resource: win10v2004-20241007-en

Malware Config
Extracted
Family: redline
Botnet: ruma
C2: 193.233.20.13:4136
auth_value: 647d00dfaba082a4a30f383bca5d1a2a
Targets
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)