General
Target: 9aab3200c8f8efbc6836b64f065f6cc227f737dce5cf6e5fcea2bb039aa182a0.exe
Size: 893KB
Sample: 241113-zm9cksslcm
MD5: 68afefbf155eb57b8929cf15dac0f73e
SHA1: 2e6dfa52a13be00f92546ff81f802cf2deb3205f
SHA256: 9aab3200c8f8efbc6836b64f065f6cc227f737dce5cf6e5fcea2bb039aa182a0
SHA512: 7bf83aaf2037f447f4b8f51d4b5626093118c2586aaadd902397142903192b85cc702e5378378f4223f09cc1f013c2433b4bf7969e657a61596a410934f85ed5
SSDEEP: 12288:xMrry90APnpuVZ3ftBG/ELcFde1pBTJZKVT9fgCFNAs4ZLZDMqN1aUBOQJYs6AKz:6ylQVFfbGELcLwKB9fggtYKY1aU/wWjI
Static task: static1
Behavioral task: behavioral1
Sample: 9aab3200c8f8efbc6836b64f065f6cc227f737dce5cf6e5fcea2bb039aa182a0.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
rumfa
193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
Target: 9aab3200c8f8efbc6836b64f065f6cc227f737dce5cf6e5fcea2bb039aa182a0.exe
Size: 893KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)