General
-
Target
b2201fb3ab87c2a38fd3993eb808c1dcbcb58a5b1169747d165d390c6e5a2224
-
Size
666KB
-
Sample
241110-bmtecsyqcq
-
MD5
5aa96fc92eef0fd05b8382d93296c588
-
SHA1
fe1c95d494064a258bbffbfe803b09d6751e8c33
-
SHA256
b2201fb3ab87c2a38fd3993eb808c1dcbcb58a5b1169747d165d390c6e5a2224
-
SHA512
6f7b91e7f301b06dd8a8946c08e3cac28e9fb27c812834ecbc6a51ef1dee4f193e4f910c65ec231c7717e152a3dda3b66f6a0d96f161dd514ec273c63190409e
-
SSDEEP
12288:NMrQy90LmTI2QTJZx9xVa2wa2yMwN+ukS0w2EYhW7hq1hGcKDjq5:FyWvtZx9/Ia2HurW7WChGRs
Static task
static1
Behavioral task
behavioral1
Sample
b2201fb3ab87c2a38fd3993eb808c1dcbcb58a5b1169747d165d390c6e5a2224.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
ruzhpe
pepunn.com:4162
-
auth_value
f735ced96ae8d01d0bd1d514240e54e0
Targets
-
-
Target
b2201fb3ab87c2a38fd3993eb808c1dcbcb58a5b1169747d165d390c6e5a2224
-
Size
666KB
-
MD5
5aa96fc92eef0fd05b8382d93296c588
-
SHA1
fe1c95d494064a258bbffbfe803b09d6751e8c33
-
SHA256
b2201fb3ab87c2a38fd3993eb808c1dcbcb58a5b1169747d165d390c6e5a2224
-
SHA512
6f7b91e7f301b06dd8a8946c08e3cac28e9fb27c812834ecbc6a51ef1dee4f193e4f910c65ec231c7717e152a3dda3b66f6a0d96f161dd514ec273c63190409e
-
SSDEEP
12288:NMrQy90LmTI2QTJZx9xVa2wa2yMwN+ukS0w2EYhW7hq1hGcKDjq5:FyWvtZx9/Ia2HurW7WChGRs
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1