General
- Target: 1058e55a7135b8e8dfa3809f3b0b5e285b16ae1b27429c7b1ff31620d7057257N
- Size: 1.2MB
- Sample: 241111-gvjssaxqbr
- MD5: 6c3a973b3046c23ef59d372b4ee28e10
- SHA1: 5f155decbb7c2e083a663247b9ae200cc910e4f4
- SHA256: 1058e55a7135b8e8dfa3809f3b0b5e285b16ae1b27429c7b1ff31620d7057257
- SHA512: c87316c2f167ecabd36e84d6db58928839ce14eda11a8ead866c19a141875aef2bb12ba4aecf67ab2d09fbe53afa4700b03a44c0ccd0aa96474ce83fa21e25b4
- SSDEEP: 24576:/yZBNmx+6ueko9UxTxOtZi3FcAAcpi3UedYJwlK/kvlr:K886uuCxOtBSApamKu
Static task: static1
Behavioral task: behavioral1
Sample: 1058e55a7135b8e8dfa3809f3b0b5e285b16ae1b27429c7b1ff31620d7057257N.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline (rumfa)
- C2: 193.233.20.24:4123
- auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)