General
-
Target
8991654af5fccfd9e8cd36fcc642d9aae48e3c011d9b3b49597a1415a39bd6cf
-
Size
535KB
-
Sample
241111-hjns2aykfn
-
MD5
763d82706320303a38fcd016715ddfe7
-
SHA1
b4551cfe898e76d603cad5f51f0283c3d0ff39c0
-
SHA256
8991654af5fccfd9e8cd36fcc642d9aae48e3c011d9b3b49597a1415a39bd6cf
-
SHA512
b637862b17ef101f3d5cc90ed55927b0e4dc954198b744e7b4bfc7ed4bceab63290e7a22c528d9328c7e50a1dbfafb68b78fe4cb59163ce105afeaa7ae820ed7
-
SSDEEP
6144:Kiy+bnr+xp0yN90QE5RdqVKo8IntDHJCOOv3nroaF4FXjCcKfyQA1TFurko14qo9:2MrVy90rqVJt8L3rn6FXmctx5DcUt
Static task
static1
Behavioral task
behavioral1
Sample
8991654af5fccfd9e8cd36fcc642d9aae48e3c011d9b3b49597a1415a39bd6cf.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rumfa
193.233.20.24:4123
-
auth_value
749d02a6b4ef1fa2ad908e44ec2296dc
Targets
-
-
Target
8991654af5fccfd9e8cd36fcc642d9aae48e3c011d9b3b49597a1415a39bd6cf
-
Size
535KB
-
MD5
763d82706320303a38fcd016715ddfe7
-
SHA1
b4551cfe898e76d603cad5f51f0283c3d0ff39c0
-
SHA256
8991654af5fccfd9e8cd36fcc642d9aae48e3c011d9b3b49597a1415a39bd6cf
-
SHA512
b637862b17ef101f3d5cc90ed55927b0e4dc954198b744e7b4bfc7ed4bceab63290e7a22c528d9328c7e50a1dbfafb68b78fe4cb59163ce105afeaa7ae820ed7
-
SSDEEP
6144:Kiy+bnr+xp0yN90QE5RdqVKo8IntDHJCOOv3nroaF4FXjCcKfyQA1TFurko14qo9:2MrVy90rqVJt8L3rn6FXmctx5DcUt
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1