General
- Target: c2f4e9915a08fd1e0d88a1c696f836f6dbaceafac73fabe53bdd528ce72b6b0b
- Size: 1.2MB
- Sample: 241111-hf6vfaykcj
- MD5: ad7a098b64e793c263ab703b0b1a4d51
- SHA1: ed3954dcb76532ab6c2b1c7dd3457ec636228260
- SHA256: c2f4e9915a08fd1e0d88a1c696f836f6dbaceafac73fabe53bdd528ce72b6b0b
- SHA512: b6ebe52a4bc096f0e981c6f09af3d423087417f5fa96840d66b882f462bcc397bf256f0c0c8820007b87429687d92cf9e30036600a921726967cc8be72aec5e5
- SSDEEP: 24576:nyFfwub9MNwYUooFzBZVaBosAAeVDFGP0krpq8x7xZ:yOq96wQoBKo11DEcoqq
Static task: static1
Behavioral task: behavioral1
- Sample: c2f4e9915a08fd1e0d88a1c696f836f6dbaceafac73fabe53bdd528ce72b6b0b.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- rumfa
- 193.233.20.24:4123
- auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
- Target: c2f4e9915a08fd1e0d88a1c696f836f6dbaceafac73fabe53bdd528ce72b6b0b
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)