General
  Target: 97b06d243fcfff266c7d94a7610cd02e5bf784426b5c7d638d833ce68dd9af0f
  Size: 558KB
  Sample: 241110-eael8ayhjh
  MD5: c3b5f68b2c11775a5f356861c8b4a59e
  SHA1: 8dce73fcf0320178cd16cf24513570f208e15c29
  SHA256: 97b06d243fcfff266c7d94a7610cd02e5bf784426b5c7d638d833ce68dd9af0f
  SHA512: 119ba3f1d8c6190d18b62175c5c7b591d05d795d1fcd18ae84b8eb4797a643a550b60515b1becd8d85416d073e51ec90b258f3ce28492c65088b99b924c07296
  SSDEEP: 12288:eMrmy90tVZTVLYJ21j0I9dHNrBP7bYcp8y+ehE6:wykDVLj1j0mtNV7rp8dem6
Static task: static1
Behavioral task: behavioral1
  Sample: 97b06d243fcfff266c7d94a7610cd02e5bf784426b5c7d638d833ce68dd9af0f.exe
  Resource: win10v2004-20241007-en
Malware Config
  Extracted:
    redline
    ruzhpe
    pepunn.com:4162
    auth_value: f735ced96ae8d01d0bd1d514240e54e0
Targets
  Target: 97b06d243fcfff266c7d94a7610cd02e5bf784426b5c7d638d833ce68dd9af0f
  Size: 558KB
  MD5: c3b5f68b2c11775a5f356861c8b4a59e
  SHA1: 8dce73fcf0320178cd16cf24513570f208e15c29
  SHA256: 97b06d243fcfff266c7d94a7610cd02e5bf784426b5c7d638d833ce68dd9af0f
  SHA512: 119ba3f1d8c6190d18b62175c5c7b591d05d795d1fcd18ae84b8eb4797a643a550b60515b1becd8d85416d073e51ec90b258f3ce28492c65088b99b924c07296
  SSDEEP: 12288:eMrmy90tVZTVLYJ21j0I9dHNrBP7bYcp8y+ehE6:wykDVLj1j0mtNV7rp8dem6
  Signatures:
    - Detects Healer, an antivirus disabler dropper
    - Healer family
    - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    - RedLine payload
    - Redline family
    - Executes dropped EXE
    - Adds Run key to start application
MITRE ATT&CK Enterprise v15
  Persistence
    Boot or Logon Autostart Execution: 1
      Registry Run Keys / Startup Folder: 1
    Create or Modify System Process: 1
      Windows Service: 1