General
Target: b896c1fa2f1af00e61f4eaba3d23f3a2add81b6b5315f14089d314ca927b612a
Size: 1.0MB
Sample: 241104-qr5erazgja
MD5: adb060fa1374a212355529ef044e2484
SHA1: 53694464de0e1a748440b50005b401240e62acb8
SHA256: b896c1fa2f1af00e61f4eaba3d23f3a2add81b6b5315f14089d314ca927b612a
SHA512: a3859a79288d6e5087c1917f5c304f6610f1717b9fc7bc8fa5de7e85def752ccdd56d2032559cb0d1b72e245c74ac1a8cc1f75873fff15941f38495db308d9b0
SSDEEP: 24576:xyhOi27ILV3Q54lDpoQZYvPWAsWWCXrsgmBdhNkYt7ON:khfP3Q5+7amPYXggWO
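An added example (not part of the sandbox report): a Python triage helper that hashes a file in a single pass and matches it against the MD5, SHA1, SHA256 and SHA512 values listed above. The IOC values are copied from this report; the file paths and sample bytes it is run on are constructed. SSDEEP fuzzy matching is left out because it needs the ssdeep library.

```python
"""Match a file against the hash IOCs listed in this report.

Added example, not code from the sandbox report. The IOC values are the
ones printed in the General section; any file you pass in is your own.
"""
import hashlib
from pathlib import Path
from typing import Dict, Iterable, Set

# Hash IOCs as listed in the report (General section).
REPORT_IOCS: Dict[str, str] = {
    "md5": "adb060fa1374a212355529ef044e2484",
    "sha1": "53694464de0e1a748440b50005b401240e62acb8",
    "sha256": "b896c1fa2f1af00e61f4eaba3d23f3a2add81b6b5315f14089d314ca927b612a",
    "sha512": "a3859a79288d6e5087c1917f5c304f6610f1717b9fc7bc8fa5de7e85def752cc"
              "dd56d2032559cb0d1b72e245c74ac1a8cc1f75873fff15941f38495db308d9b0",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute all four digests in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file without loading it fully into memory."""
    with path.open("rb") as fh:
        return hash_stream(iter(lambda: fh.read(chunk_size), b""))


def matching_algorithms(digests: Dict[str, str],
                        iocs: Dict[str, str] = REPORT_IOCS) -> Set[str]:
    """Names of every algorithm whose digest equals the IOC value.

    Comparison is case-insensitive because feeds disagree on hex case.
    """
    return {
        name for name, value in iocs.items()
        if name in digests and digests[name].lower() == value.lower()
    }


def check_ioc_consistency(iocs: Dict[str, str] = REPORT_IOCS) -> bool:
    """Sanity-check the IOC set: each value must be hex of the right length.

    A mistyped or truncated hash silently matches nothing, so check it once.
    """
    lengths = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
    for name, value in iocs.items():
        if name not in lengths or len(value) != lengths[name]:
            return False
        try:
            int(value, 16)
        except ValueError:
            return False
    return True


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        digests = hash_file(Path(arg))
        hit = matching_algorithms(digests)
        verdict = "MATCH " + ",".join(sorted(hit)) if hit else "no match"
        print(f"{arg}: {verdict} sha256={digests['sha256']}")
```

A SHA256 or SHA512 hit is authoritative. An MD5-only or SHA1-only hit on a file whose SHA256 differs should be treated as a collision or a feed error, since both of those algorithms are collision-prone.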
Static task: static1
Behavioral task: behavioral1
Sample: b896c1fa2f1af00e61f4eaba3d23f3a2add81b6b5315f14089d314ca927b612a.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: b896c1fa2f1af00e61f4eaba3d23f3a2add81b6b5315f14089d314ca927b612a
Size: 1.0MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
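The report's "Adds Run key to start application" signature and its T1547.001 mapping say that the sample persists through a Run key, but not which value name or path it writes. The following is an added example, not part of the report or of the sample's code: a Python script that parses the text `reg query` prints for the Run/RunOnce keys and flags entries that point into user-writable directories or that reuse a system-binary name outside the Windows directory. The registry text is constructed, and the directory list, system-name list and scoring rules are this example's own assumptions.

```python
"""Flag suspicious autostart entries in `reg query` output.

Added example, not part of the original sandbox report or the sample's
code. The report states only that the sample adds a Run key; the value
name and path it writes are not given, so the registry text below is
constructed and the scoring rules are this example's own assumptions.
"""
import re
from typing import List, NamedTuple

# Autostart keys to inspect (the Run/RunOnce keys behind T1547.001).
RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runonce",
}

# Assumption: directories a non-admin dropper can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\users\\public\\", "\\downloads\\")
# Assumption: system binary names that should only appear under \Windows\.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

# `reg query` separates value name, type and data with runs of spaces.
VALUE_RE = re.compile(r"^\s+(?P<name>\S.*?)\s{2,}(?P<type>REG_[A-Z_]+)\s{2,}(?P<data>.*)$")
# Executable: a quoted path, or everything up to the first ".exe".
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)', re.IGNORECASE)


class RunEntry(NamedTuple):
    key: str
    name: str
    data: str
    exe: str
    reasons: List[str]


def score(exe: str) -> List[str]:
    """Return the heuristic reasons an autostart target looks suspicious."""
    low = exe.lower().replace("/", "\\")
    reasons: List[str] = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("executable in a user-writable directory")
    base = low.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and "\\windows\\" not in low:
        reasons.append(f"{base} outside the Windows directory")
    return reasons


def parse_reg_query(text: str) -> List[RunEntry]:
    """Parse `reg query <key>` output and keep values under the Run keys."""
    entries: List[RunEntry] = []
    current_key = ""
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current_key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or current_key.lower() not in RUN_KEYS:
            continue
        data = m.group("data").strip()
        e = EXE_RE.match(data)
        exe = (e.group("q") or e.group("u")) if e else data
        entries.append(RunEntry(current_key, m.group("name"), data, exe, score(exe)))
    return entries


def suspicious(entries: List[RunEntry]) -> List[RunEntry]:
    """Entries that tripped at least one heuristic; review candidates, not verdicts."""
    return [e for e in entries if e.reasons]


# Constructed sample output, in the layout `reg query` prints on Windows 10.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_SZ    C:\Windows\System32\SecurityHealthSystray.exe
    Updater    REG_SZ    "C:\Users\user\AppData\Roaming\Updater\svchost.exe" --silent
    Notepad    REG_SZ    C:\Program Files\Notepad++\notepad++.exe
"""

if __name__ == "__main__":
    import sys
    text = SAMPLE_REG_QUERY if sys.stdin.isatty() else sys.stdin.read()
    for entry in suspicious(parse_reg_query(text)):
        print(f"{entry.key}\\{entry.name}: {entry.exe} -> {'; '.join(entry.reasons)}")
```

On a live host, pipe `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` into the script; without input it runs on the constructed sample. Legitimate software (OneDrive, Teams) also autostarts from AppData, so the directory heuristic produces review candidates; a real triage adds Authenticode and prevalence checks before calling an entry malicious.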