General
-
Target
d07f0497348268163a58078e24ee750697fcad6d8d85487dd274a6c94a5e9fdf
-
Size
668KB
-
Sample
241111-gvgcnavdjg
-
MD5
21c3baebed5e6609858061388282fd29
-
SHA1
503839b6c186b31f98654872e3929356e11ca612
-
SHA256
d07f0497348268163a58078e24ee750697fcad6d8d85487dd274a6c94a5e9fdf
-
SHA512
f25055620892b20a681564072aa1d9f9087770453afb7e5b2b4435ff935eb2bffcb6be4ac9f9387205d68dc0918a3006bee184e555e514142c3ecf045c22c486
-
SSDEEP
12288:tMrqy90bJ6apxaCheAEfxNhsyf2cuMTnUXAFwyNFrf9K4EH4zJ34iygw:DyJapxxheAEzi89oXCwyNF79K/Ihe
Static task
static1
Behavioral task
behavioral1
Sample
d07f0497348268163a58078e24ee750697fcad6d8d85487dd274a6c94a5e9fdf.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
ruzhpe
pepunn.com:4162
-
auth_value
f735ced96ae8d01d0bd1d514240e54e0
Targets
-
-
Target
d07f0497348268163a58078e24ee750697fcad6d8d85487dd274a6c94a5e9fdf
-
Size
668KB
-
MD5
21c3baebed5e6609858061388282fd29
-
SHA1
503839b6c186b31f98654872e3929356e11ca612
-
SHA256
d07f0497348268163a58078e24ee750697fcad6d8d85487dd274a6c94a5e9fdf
-
SHA512
f25055620892b20a681564072aa1d9f9087770453afb7e5b2b4435ff935eb2bffcb6be4ac9f9387205d68dc0918a3006bee184e555e514142c3ecf045c22c486
-
SSDEEP
12288:tMrqy90bJ6apxaCheAEfxNhsyf2cuMTnUXAFwyNFrf9K4EH4zJ34iygw:DyJapxxheAEzi89oXCwyNF79K/Ihe
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1