General

  • Target

    49e5e2b50874fdc3314e1e0ecbdb125ceb8da779ced96895dc98b4bde3fb0ad8N.exe

  • Size

    550KB

  • Sample

    241113-rexptatcrj

  • MD5

    22e11c7be8acbbd29148b5a18e600b40

  • SHA1

    a6a5e8a3af9d6ccb8a26b922927013aa2c3b3581

  • SHA256

    49e5e2b50874fdc3314e1e0ecbdb125ceb8da779ced96895dc98b4bde3fb0ad8

  • SHA512

    fc75d33503c3e92133d0fb84a000c520fd7fc3dde03c7f74c4463c52695758d1f4aa0b367b8ed146ab979e0e634b0c747e45879c83567fe9a2b0da1e655cd3ac

  • SSDEEP

    12288:LMrCy90SErDA6JOk0xbCB9mkDEYcnRbwvTSYdTS2c:5yhErDA6JOXmDq0L2l

Malware Config

Extracted

Family

redline

Botnet

ruzhpe

C2

pepunn.com:4162

Attributes
  • auth_value

    f735ced96ae8d01d0bd1d514240e54e0

Targets

    • Target

      49e5e2b50874fdc3314e1e0ecbdb125ceb8da779ced96895dc98b4bde3fb0ad8N.exe

    • Size

      550KB

    • MD5

      22e11c7be8acbbd29148b5a18e600b40

    • SHA1

      a6a5e8a3af9d6ccb8a26b922927013aa2c3b3581

    • SHA256

      49e5e2b50874fdc3314e1e0ecbdb125ceb8da779ced96895dc98b4bde3fb0ad8

    • SHA512

      fc75d33503c3e92133d0fb84a000c520fd7fc3dde03c7f74c4463c52695758d1f4aa0b367b8ed146ab979e0e634b0c747e45879c83567fe9a2b0da1e655cd3ac

    • SSDEEP

      12288:LMrCy90SErDA6JOk0xbCB9mkDEYcnRbwvTSYdTS2c:5yhErDA6JOXmDq0L2l

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks