General
Target: 4f4734f2e85e0fd2e0896c97a379fe20c06dcd08e2db15b89b2ed82ebd0c8294N.exe
Size: 411KB
Sample: 241113-rvyl2stdkb
MD5: b613a44fe3110db50bd7006dbf785a10
SHA1: 7f6f853ecea4a40305389e3b901c48665a65be0e
SHA256: 4f4734f2e85e0fd2e0896c97a379fe20c06dcd08e2db15b89b2ed82ebd0c8294
SHA512: f003700c780a040f350e30653754a4725ff155fecc8f1b31222e3450c6e0138cf3b69bd06c8353d264a7566f400fafeee7cbeec7b98cd5360cbbb362429a72b9
SSDEEP: 6144:Kgy+bnr+Ip0yN90QEYFVmkPoMT4nQ+dAMwPNDCg7Gc/aeqMDpe3j:IMrMy90odW9drwtH7GcCelD8
Static task: static1
Behavioral task: behavioral1
Sample: 4f4734f2e85e0fd2e0896c97a379fe20c06dcd08e2db15b89b2ed82ebd0c8294N.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
ruzhpe
pepunn.com:4162
auth_value: f735ced96ae8d01d0bd1d514240e54e0
Targets
Target: 4f4734f2e85e0fd2e0896c97a379fe20c06dcd08e2db15b89b2ed82ebd0c8294N.exe
Size: 411KB
MD5: b613a44fe3110db50bd7006dbf785a10
SHA1: 7f6f853ecea4a40305389e3b901c48665a65be0e
SHA256: 4f4734f2e85e0fd2e0896c97a379fe20c06dcd08e2db15b89b2ed82ebd0c8294
SHA512: f003700c780a040f350e30653754a4725ff155fecc8f1b31222e3450c6e0138cf3b69bd06c8353d264a7566f400fafeee7cbeec7b98cd5360cbbb362429a72b9
SSDEEP: 6144:Kgy+bnr+Ip0yN90QEYFVmkPoMT4nQ+dAMwPNDCg7Gc/aeqMDpe3j:IMrMy90odW9drwtH7GcCelD8
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)