General

- Target: 49e5e2b50874fdc3314e1e0ecbdb125ceb8da779ced96895dc98b4bde3fb0ad8N.exe
- Size: 550KB
- Sample: 241113-rexptatcrj
- MD5: 22e11c7be8acbbd29148b5a18e600b40
- SHA1: a6a5e8a3af9d6ccb8a26b922927013aa2c3b3581
- SHA256: 49e5e2b50874fdc3314e1e0ecbdb125ceb8da779ced96895dc98b4bde3fb0ad8
- SHA512: fc75d33503c3e92133d0fb84a000c520fd7fc3dde03c7f74c4463c52695758d1f4aa0b367b8ed146ab979e0e634b0c747e45879c83567fe9a2b0da1e655cd3ac
- SSDEEP: 12288:LMrCy90SErDA6JOk0xbCB9mkDEYcnRbwvTSYdTS2c:5yhErDA6JOXmDq0L2l

Static task: static1

Behavioral task: behavioral1
- Sample: 49e5e2b50874fdc3314e1e0ecbdb125ceb8da779ced96895dc98b4bde3fb0ad8N.exe
- Resource: win10v2004-20241007-en

Malware Config

Extracted: redline
- ruzhpe
- pepunn.com:4162
- auth_value: f735ced96ae8d01d0bd1d514240e54e0
Targets

- Target: 49e5e2b50874fdc3314e1e0ecbdb125ceb8da779ced96895dc98b4bde3fb0ad8N.exe
- Size: 550KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)