General
Target: ca97aa403f53b2c908df5077d0af0be79d884ddf9948512938815a9f138a3094N
Size: 668KB
Sample: 241110-a7wvjsvnfz
MD5: 22951d96e0492dd11c505df0db8e4ac0
SHA1: cacc6395f829abdfd912ce102489e3ce53b0db73
SHA256: ca97aa403f53b2c908df5077d0af0be79d884ddf9948512938815a9f138a3094
SHA512: f9fc28db466df29e9da862d20048cf48823132dace87fd2f3c79281cc0d300afb6d2b937bbf3d67fcc20d6f642d629e9474d99a56938612b3499991cb549a6dc
SSDEEP: 12288:pMriy90ircwlKl16RSu6jBQnOAzwEfxeE2auuTnCXAFwgNFrf9K4E34JJIzA:fyqLruNnTzwEcEL+XCwgNF79KvS2zA
Static task: static1
Behavioral task: behavioral1
Sample: ca97aa403f53b2c908df5077d0af0be79d884ddf9948512938815a9f138a3094N.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
ruzhpe
pepunn.com:4162
auth_value: f735ced96ae8d01d0bd1d514240e54e0
Targets
Target: ca97aa403f53b2c908df5077d0af0be79d884ddf9948512938815a9f138a3094N
Size: 668KB
MD5: 22951d96e0492dd11c505df0db8e4ac0
SHA1: cacc6395f829abdfd912ce102489e3ce53b0db73
SHA256: ca97aa403f53b2c908df5077d0af0be79d884ddf9948512938815a9f138a3094
SHA512: f9fc28db466df29e9da862d20048cf48823132dace87fd2f3c79281cc0d300afb6d2b937bbf3d67fcc20d6f642d629e9474d99a56938612b3499991cb549a6dc
SSDEEP: 12288:pMriy90ircwlKl16RSu6jBQnOAzwEfxeE2auuTnCXAFwgNFrf9K4E34JJIzA:fyqLruNnTzwEcEL+XCwgNF79KvS2zA
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)