General
Target: 2600be8464241f4e82dc1d19361a467b23760bd4d0e45a1ab8ee507fb16f1ef7
Size: 1.3MB
Sample: 241111-gf9ewsxnej
MD5: 65ab3bb2273d32f714206f04f2269d66
SHA1: 7da1fd6cc9dc599c18b6ae6a6bf545a0debfaf14
SHA256: 2600be8464241f4e82dc1d19361a467b23760bd4d0e45a1ab8ee507fb16f1ef7
SHA512: 6cd5f74ffa48b1fd4590a47173074f818eb0c7ceeb1009fa085795222c9f5c97fb6057c41232527835328b2990791496359c5114ce2bb7483591359d1e20183a
SSDEEP: 24576:hyzyGFmXyVkOZhRKvVkvS01YK648gvwRsd7TELMR8l84y+5vjpOp/:UzdFmCmOFcm7YKUowoTR8lB5rpa
Static task: static1
Behavioral task: behavioral1
Sample: 2600be8464241f4e82dc1d19361a467b23760bd4d0e45a1ab8ee507fb16f1ef7.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
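Added example, not code from the sandbox report or from any tool it names: a Python IOC sweep that takes the file hashes, the C2 endpoint and the botnet name from the sections above and checks them against file digests and flow-log lines. The key=value log format, the log lines and the bytes hashed are constructed for illustration; adapt LOG_RE to whatever your own log source emits.

```python
"""IOC sweep using the indicators listed in the report.

Added example, not part of the sandbox report: the hashes, C2 endpoint and
botnet name are copied from the General and Malware Config sections above.
The key=value flow-log format and the log lines are constructed for
illustration; adapt LOG_RE to whatever your log source emits.
"""
import hashlib
import re

# Indicators copied from the report
IOC_HASHES = {
    "md5": "65ab3bb2273d32f714206f04f2269d66",
    "sha1": "7da1fd6cc9dc599c18b6ae6a6bf545a0debfaf14",
    "sha256": "2600be8464241f4e82dc1d19361a467b23760bd4d0e45a1ab8ee507fb16f1ef7",
}
C2_HOST = "193.233.20.24"
C2_PORT = 4123
BOTNET = "rumfa"

# Assumed key=value flow-log format (constructed for this example)
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+proto=(?P<proto>\w+)\s+action=(?P<action>\w+)$"
)

# Constructed sample: one allowed flow to the C2 on its port, one unrelated
# TLS flow, one denied flow to the C2 host on another port, one malformed line
SAMPLE_LOG = [
    "2024-11-11T10:02:13Z src=10.0.0.5:49812 dst=193.233.20.24:4123 proto=tcp action=allow",
    "2024-11-11T10:02:14Z src=10.0.0.5:49813 dst=203.0.113.10:443 proto=tcp action=allow",
    "2024-11-11T10:02:20Z src=10.0.0.7:50001 dst=193.233.20.24:443 proto=tcp action=deny",
    "malformed line that does not follow the expected format",
]


def hash_file_bytes(data: bytes) -> dict:
    """Compute the same three digests the report lists for a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(candidates) -> list:
    """Return the candidate digests (any of the three algorithms) that equal the sample's."""
    known = set(IOC_HASHES.values())
    return [h.strip().lower() for h in candidates if h.strip().lower() in known]


def find_c2_connections(lines) -> list:
    """Return (timestamp, src, dport, action) for every parsed flow to the C2 host.

    The host is matched on its own rather than host:port, because a denied or
    non-standard-port connection to the C2 address is still worth a look.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # lines in another format are skipped rather than aborting the sweep
        if m["dst"] == C2_HOST:
            hits.append((m["ts"], m["src"], int(m["dport"]), m["action"]))
    return hits


if __name__ == "__main__":
    for ts, src, dport, action in find_c2_connections(SAMPLE_LOG):
        flag = "C2 port" if dport == C2_PORT else "other port"
        print(f"{ts} {src} -> {C2_HOST}:{dport} ({flag}, {action}) botnet={BOTNET}")
```

File hashes only catch this exact build; any repack of the loader changes all three digests. The C2 address and the auth_value are tied to the operator's infrastructure and configuration, so they stay useful for hunting until the operator rotates them.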
Targets
Target: 2600be8464241f4e82dc1d19361a467b23760bd4d0e45a1ab8ee507fb16f1ef7 (size and hashes identical to the General section above)
Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001), count 1
Create or Modify System Process: Windows Service (T1543.003), count 1
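Added example, not code from the sandbox report or from any tool it names: a Python triage of Run-key autostart entries, the persistence technique the report maps above. It parses the text that `reg query` prints for a Run key and applies a hunting heuristic of my own (images in user-writable directories, system binary names outside C:\Windows). The registry dump in the block is constructed and every path in it is invented; nothing here describes what this particular sample wrote.

```python
"""Triage of Run-key autostart entries (the persistence technique mapped above).

Added example, not part of the sandbox report. It parses the text that
`reg query` prints for a Run key and applies an assumed hunting heuristic
(user-writable image directories, system binary names outside C:\\Windows).
The registry dump below is constructed for illustration; every path in it is
invented, and nothing here is taken from the sample's actual behaviour.
"""
import re

# One value line as reg.exe prints it: 4-space indent, name, type, data
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Directories a standard user can write to (assumed heuristic, lower-case, backslash form)
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\", "\\programdata\\")
# Names of binaries that live under C:\Windows; the same name elsewhere is impersonation
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

# Constructed dump in `reg query HKCU\...\Run` output format (paths invented)
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\victim\AppData\Local\Temp\svchost.exe
    Notes    REG_SZ    "C:\Users\Public\notes.exe" -silent
"""


def image_path(data: str) -> str:
    """Extract the executable path from Run value data (quoted, or up to the extension)."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = re.match(r"(.*?\.(?:exe|com|bat|cmd|vbs|js|ps1|dll))(?:\s|$)", data, re.IGNORECASE)
    return m.group(1) if m else data.split(" ", 1)[0]


def parse_run_values(text: str) -> list:
    """Return (key, name, data) for every value line under each key in the dump."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries.append((key, m["name"], m["data"]))
    return entries


def suspicious_autoruns(text: str) -> list:
    """Return (value name, image path, reason) for entries matching the heuristic."""
    findings = []
    for _key, name, data in parse_run_values(text):
        path = image_path(data)
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        if base in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
            findings.append((name, path, "system binary name outside C:\\Windows"))
        elif any(d in low for d in USER_WRITABLE):
            findings.append((name, path, "image in a user-writable directory"))
    return findings


if __name__ == "__main__":
    for name, path, reason in suspicious_autoruns(SAMPLE_REG_QUERY):
        print(f"{name}: {path}  [{reason}]")
```

Feed it the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and the HKLM equivalent from a suspect host; the heuristic surfaces entries to inspect, it does not prove them malicious, so confirm each hit by hashing the image and checking it against the indicators above.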