General
-
Target
20cd183570155f14057bdc2ea18e7198d65c5cb4042dfe55d87b575f2007e015N.exe
-
Size
1.2MB
-
Sample
241111-hkmx5avgrh
-
MD5
ce48174683e6c20aed39934908d2a3f2
-
SHA1
129c0265a97dbfe90339fd598af55231849a008f
-
SHA256
5142102c7da0f3090d6d7a8bc6021dd11d64bcc3040e884514db25148f7f84ec
-
SHA512
f3e6a9faedd2d6c5b00745e36db753edd74a788170680b6e2f8b02baac44045f25e3d9c4981f417f1d002650c886bdc842c3c9304c4b9e1d66ef17117bf8fdeb
-
SSDEEP
24576:dyilyisGwlWiclUxeZDw8AWQ0KXsp/DzlI5nI57HCL43hpbexpk7Z7w0RyC2P0:4iljsM7lUxgW2KYlSI5uwhpbexi7ZM0/
Static task
static1
Behavioral task
behavioral1
Sample
20cd183570155f14057bdc2ea18e7198d65c5cb4042dfe55d87b575f2007e015N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rumfa
193.233.20.24:4123
-
auth_value
749d02a6b4ef1fa2ad908e44ec2296dc
Targets
-
-
Target
20cd183570155f14057bdc2ea18e7198d65c5cb4042dfe55d87b575f2007e015N.exe
-
Size
1.2MB
-
MD5
ce48174683e6c20aed39934908d2a3f2
-
SHA1
129c0265a97dbfe90339fd598af55231849a008f
-
SHA256
5142102c7da0f3090d6d7a8bc6021dd11d64bcc3040e884514db25148f7f84ec
-
SHA512
f3e6a9faedd2d6c5b00745e36db753edd74a788170680b6e2f8b02baac44045f25e3d9c4981f417f1d002650c886bdc842c3c9304c4b9e1d66ef17117bf8fdeb
-
SSDEEP
24576:dyilyisGwlWiclUxeZDw8AWQ0KXsp/DzlI5nI57HCL43hpbexpk7Z7w0RyC2P0:4iljsM7lUxgW2KYlSI5uwhpbexi7ZM0/
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1