General
Target: 6c15e0bed62a305e11108f3a4435106150513097dc535d1b0702dacb44d482c4N
Size: 683KB
Sample: 241111-gnhxxavcle
MD5: 8512096d8e5b740e6c0d051ea6ddc010
SHA1: 756982fcfc787c0a2e13756e3465b783044fdb5e
SHA256: 6c15e0bed62a305e11108f3a4435106150513097dc535d1b0702dacb44d482c4
SHA512: c1ee0216bbe83e6896febb5bac3815d01341af06f326d3261a48deef928cecf1e33b837823096db10a1d10a0fd62e1d927c2a95d399b0cc8d6c222a3517fbcbb
SSDEEP: 12288:VMrBy90qe56ppFFbtYc3LvvVRwgW171F9l/Kd6/lea7eK+yravHvSo+T:UyM56ppv5YcbVgvl/46Ea7eK+LvSoO
Static task: static1
Behavioral task: behavioral1
Sample: 6c15e0bed62a305e11108f3a4435106150513097dc535d1b0702dacb44d482c4N.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
Target: 6c15e0bed62a305e11108f3a4435106150513097dc535d1b0702dacb44d482c4N
Size: 683KB
Detections and behaviour:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)