General
Target: 795c2a15520999bcf70d08e2a40825fe60fa02d590e41ff2c968f8b192d5a22f
Size: 1.0MB
Sample: 241114-3d95asvfjm
MD5: d38ecc53959a711975cd5edd388d71f1
SHA1: 77b2cbb4f29f2b2e5787a54a1edc219104d6795a
SHA256: 795c2a15520999bcf70d08e2a40825fe60fa02d590e41ff2c968f8b192d5a22f
SHA512: 37395d0fd506ad05a3579197007bf3e16ec0b1c591bddbb0f149a2aed7f68f64d5933b0eedea68af1d67c5cd8695619072abfe03c0d4a6e26d2ea66fe060a1da
SSDEEP: 24576:5ynS0445IHnFxjIgtz0MlwZmhq0NCz375K7dcgaytthBL:snS0445IlxjI0hyZ2ePga6nB
Static task: static1
Behavioral task: behavioral1
Sample: 795c2a15520999bcf70d08e2a40825fe60fa02d590e41ff2c968f8b192d5a22f.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Targets
Target: 795c2a15520999bcf70d08e2a40825fe60fa02d590e41ff2c968f8b192d5a22f
Size: 1.0MB
MD5: d38ecc53959a711975cd5edd388d71f1
SHA1: 77b2cbb4f29f2b2e5787a54a1edc219104d6795a
SHA256: 795c2a15520999bcf70d08e2a40825fe60fa02d590e41ff2c968f8b192d5a22f
SHA512: 37395d0fd506ad05a3579197007bf3e16ec0b1c591bddbb0f149a2aed7f68f64d5933b0eedea68af1d67c5cd8695619072abfe03c0d4a6e26d2ea66fe060a1da
SSDEEP: 24576:5ynS0445IHnFxjIgtz0MlwZmhq0NCz375K7dcgaytthBL:snS0445IlxjI0hyZ2ePga6nB

Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)