General
Target: 106b07336fcbdf00f7522cff242b50edd938dc71b73af7adca9a6a18c6fef850N.exe
Size: 885KB
Sample: 241112-x26twssmhp
MD5: 0053ee17adfc32f59d028a9531205b20
SHA1: 7f408a7fd9bd6597b20ec38557b24d0f6c6c8609
SHA256: 106b07336fcbdf00f7522cff242b50edd938dc71b73af7adca9a6a18c6fef850
SHA512: b2b5da4b250c0ba14a82a4c65689df70117776f9ad1e9d9207d564adcac296a9667b84137a99349cbe7df3d347996f1eef5484c660d56f0163a965fc6e2223a3
SSDEEP: 24576:0yZhfTH0ivuMxIiB7UEu2od5vyCsGTTMucq:DzfTHJfU3qATY9
Static task: static1
Behavioral task: behavioral1
Sample: 106b07336fcbdf00f7522cff242b50edd938dc71b73af7adca9a6a18c6fef850N.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
rumfa
193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
Target: 106b07336fcbdf00f7522cff242b50edd938dc71b73af7adca9a6a18c6fef850N.exe (885KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)