General
Target: 3297aefb8a75ca42f23cba1995ffdbd0dee6f74bdd7eb4547d975598c7a5a1dc
Size: 1.2MB
Sample: 241111-gg8vratkds
MD5: 349b87aaf785237001d6e8f4a14966bd
SHA1: 50c94c4d5c3d3864335fcb613c39034252481f66
SHA256: 3297aefb8a75ca42f23cba1995ffdbd0dee6f74bdd7eb4547d975598c7a5a1dc
SHA512: 9bb728fcdfd57909f5d894f19634e088b24e30ff94d152ffbc0b6c975a5aba97f87648676a4bf082ddc70373478745cdf31c5f62c44b98153fea8d179b4f64a5
SSDEEP: 24576:HyzEKwCrO2CRAlr1LHOJceOOMqfnQxoYW7FzMMI6nu1E:Szpn28zOmgMqfzYqpMou
Static task: static1
Behavioral task: behavioral1
Sample: 3297aefb8a75ca42f23cba1995ffdbd0dee6f74bdd7eb4547d975598c7a5a1dc.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
rumfa
193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)