General
Target: 60fffd562a2de5f2b20d57aafad2c18f562285da3c984ffe2c5b819c556fd81cN
Size: 388KB
Sample: 241113-zmm5caslbr
MD5: 506fcdb16512553b1b27c4a76dcf1ba0
SHA1: 0015eb0281d2e8d05284717ecf1026196e84a53a
SHA256: 60fffd562a2de5f2b20d57aafad2c18f562285da3c984ffe2c5b819c556fd81c
SHA512: 2244b44f9583d22680b5d2c46760066711f05cc1fa125e3279d883170ef80ba7241d4a00d82cf3fb914df9d332650d2f5f64e2919ebb0886211f1df9a43438a7
SSDEEP: 6144:Kiy+bnr+gp0yN90QEhy8iiv8JPp40xxnR8urDr+5Gs6glFn874C0Q:eMrQy90HiivAp40R8uTxs6M87p
Static task: static1
Behavioral task: behavioral1
Sample: 60fffd562a2de5f2b20d57aafad2c18f562285da3c984ffe2c5b819c556fd81cN.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
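The indicators in this report (the four file hashes and the extracted RedLine C2) applied as a check a responder can run locally. This is an added example, not part of the sandbox report: only the hash values and the C2 host:port are copied from the report; the flow-log lines and the bytes hashed in the demo are constructed for illustration.

```python
"""IOC checks built from the report's indicators: file hashes and RedLine C2.

Added example, not part of the sandbox report. Hash values and the C2
endpoint are copied from the report; SAMPLE_FLOWS is constructed.
"""
import hashlib
import io
import re

# File hashes exactly as listed in the report (lower-case hex).
REPORT_HASHES = {
    "md5": "506fcdb16512553b1b27c4a76dcf1ba0",
    "sha1": "0015eb0281d2e8d05284717ecf1026196e84a53a",
    "sha256": "60fffd562a2de5f2b20d57aafad2c18f562285da3c984ffe2c5b819c556fd81c",
    "sha512": "2244b44f9583d22680b5d2c46760066711f05cc1fa125e3279d883170ef80ba7"
              "241d4a00d82cf3fb914df9d332650d2f5f64e2919ebb0886211f1df9a43438a7",
}
# Extracted RedLine C2 from the report's Malware Config.
C2_HOST = "193.233.20.24"
C2_PORT = 4123


def hash_stream(fh):
    """Read a binary stream once and return all four digests as hex."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in iter(lambda: fh.read(1 << 20), b""):
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path):
    """Digests of a file on disk, streamed so large files are fine."""
    with open(path, "rb") as fh:
        return hash_stream(fh)


def matching_digests(digests):
    """Names of the algorithms whose value equals the report's indicator."""
    return [name for name, want in REPORT_HASHES.items() if digests.get(name) == want]


def check_bytes(data):
    """Convenience wrapper for in-memory data: (digests, matching names)."""
    digests = hash_stream(io.BytesIO(data))
    return digests, matching_digests(digests)


# Constructed flow-log lines (timestamp src -> dst:port proto); not real telemetry.
SAMPLE_FLOWS = """\
2024-11-13T10:02:11Z 10.0.0.15 -> 93.184.216.34:443 TCP
2024-11-13T10:02:14Z 10.0.0.15 -> 193.233.20.24:4123 TCP
2024-11-13T10:02:20Z 10.0.0.22 -> 193.233.20.24:443 TCP
2024-11-13T10:03:01Z 10.0.0.15 -> 193.233.20.24:4123 TCP
2024-11-13T10:03:05Z 10.0.0.31 -> 1.1.1.1:53 UDP
"""

FLOW_RE = re.compile(r"^(\S+) (\S+) -> (\d{1,3}(?:\.\d{1,3}){3}):(\d+) (\S+)$")


def find_c2_flows(log_text, host=C2_HOST, port=C2_PORT):
    """Return one hit per flow whose destination is the C2 host.

    'exact' is True when the port also matches the extracted config. A
    host-only hit is still returned: the same IP on another port is worth
    triage because the operator may run several builds on one box.
    """
    hits = []
    for line in log_text.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guessing
        ts, src, dst, dport, proto = m.groups()
        if dst != host:
            continue
        hits.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport),
                     "proto": proto, "exact": int(dport) == port})
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, "matches:", matching_digests(hash_file(path)) or "none")
    for hit in find_c2_flows(SAMPLE_FLOWS):
        print("C2 flow:", hit)
```

Run it with one or more file paths to compare them against the report's hashes; the flow scan runs over the constructed lines regardless. Matching on the host alone and flagging the exact port separately keeps the check useful if the port in a later build differs from 4123.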
Targets
Target: 60fffd562a2de5f2b20d57aafad2c18f562285da3c984ffe2c5b819c556fd81cN (388KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
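Detection logic for the two persistence techniques mapped above (Run keys, T1547.001, and a Windows service, T1543.003). This is an added example, not part of the sandbox report. The report gives no registry paths or file names for the Run key or service it observed, so the events below are constructed to look like Sysmon Event ID 13 (RegistryEvent, value set) records and every key name and path in them is illustrative.

```python
"""Persistence detection over Sysmon EID 13 (registry value set) records.

Added example, not part of the sandbox report. SAMPLE_EVENTS is
constructed; the report does not list the registry paths it observed.
"""
import re

# Sysmon EID 13 fires when a registry value is set; EID 12 (key create/delete)
# carries no value data and is ignored here.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
SERVICE_IMAGE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE)
# Directories a standard user can write to; a persistence entry pointing
# here is far more suspicious than one under Program Files or System32.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE)

SAMPLE_EVENTS = [  # constructed, not captured telemetry
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\abc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": r"C:\Users\victim\AppData\Local\Temp\abc.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\wupdsvc\ImagePath",
     "Details": r"C:\ProgramData\wupdsvc.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"EventID": 12, "Image": r"C:\Users\victim\AppData\Local\Temp\abc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run",
     "Details": ""},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop",
     "Details": r"C:\Users\victim\Desktop"},
]


def classify(event):
    """Return a finding for a persistence-related value write, else None."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    if RUN_KEY_RE.search(target):
        technique = "T1547.001"
    elif SERVICE_IMAGE_RE.match(target):
        technique = "T1543.003"
    else:
        return None
    details = event.get("Details", "")
    return {
        "technique": technique,
        "target": target,
        "command": details,
        "writer": event.get("Image", ""),
        # Strip quotes so a quoted path still hits the directory check.
        "user_writable": bool(USER_WRITABLE_RE.search(details.strip('"'))),
    }


def find_persistence(events):
    """All findings, in event order."""
    return [f for f in map(classify, events) if f]


if __name__ == "__main__":
    for f in find_persistence(SAMPLE_EVENTS):
        flag = "SUSPICIOUS" if f["user_writable"] else "review"
        print(f"[{flag}] {f['technique']} {f['target']} -> {f['command']}")
```

The Run key match is anchored on the value name so that writes to sibling keys under CurrentVersion do not fire; the service match requires the ImagePath value rather than any value under Services, which legitimate software updates constantly. The user-writable check is a triage aid, not a verdict: a legitimate entry pointing into ProgramData will be flagged and an installer-dropped binary in Program Files will not.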