General
Target: 1535120b5bc9895916425be435dcaaa09a560c59e8d2eb827e15051ac8eb1867
Size: 479KB
Sample: 241104-re5qes1blh
MD5: ddb9477f7027e26b647e157525946306
SHA1: 52297ffb2bff644da713a6a0d401b36d097cd8c8
SHA256: 1535120b5bc9895916425be435dcaaa09a560c59e8d2eb827e15051ac8eb1867
SHA512: 7137290b7c86e673a4543104a2509335e6d6b8f6c937af0f67a75cb25087c2922d20d3b471ec9b0b20f201132e9941a0581c0e79ad686f704c5eea5a1a48a44c
SSDEEP: 6144:K+y+bnr+Xp0yN90QE3FKlUiik+LeWEv5XiFMBygrYiX6CueFTVkQO81OHeWDfk93:eMrzy90XKlCk+9vmBXNTVkxAOG9Ak3
Static task: static1
Behavioral task: behavioral1
Sample: 1535120b5bc9895916425be435dcaaa09a560c59e8d2eb827e15051ac8eb1867.exe
Resource: win10v2004-20241007-en
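To check that a file pulled from a sample repository is actually the one this report analysed, here is an added example (not part of the sandbox report and not the sandbox vendor's code) that parses the digest fields out of the report's key/value layout and recomputes them over a local file. The report excerpt embedded in the script carries the page's own values; the file it hashes in the demo is a constructed stand-in, and SSDEEP is left out because it needs the third-party ssdeep module.

```python
"""Added example, not part of the sandbox report: confirm that a local copy of the
sample is the file the report describes by recomputing MD5/SHA-1/SHA-256/SHA-512
from the file and comparing with the digests parsed out of the report text.
SSDEEP is not recomputed (it needs the third-party ssdeep module)."""
import hashlib
import re
import tempfile

DIGEST_FIELDS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}

# Excerpt of the report's own key/value layout (the values are the ones the page lists).
REPORT_EXCERPT = """
MD5
ddb9477f7027e26b647e157525946306
-
SHA1
52297ffb2bff644da713a6a0d401b36d097cd8c8
-
SHA256
1535120b5bc9895916425be435dcaaa09a560c59e8d2eb827e15051ac8eb1867
-
SHA512
7137290b7c86e673a4543104a2509335e6d6b8f6c937af0f67a75cb25087c2922d20d3b471ec9b0b20f201132e9941a0581c0e79ad686f704c5eea5a1a48a44c
-
SSDEEP
6144:K+y+bnr+Xp0yN90QE3FKlUiik+LeWEv5XiFMBygrYiX6CueFTVkQO81OHeWDfk93:eMrzy90XKlCk+9vmBXNTVkxAOG9Ak3
"""


def parse_report_digests(text):
    """Read 'LABEL' followed by a hex value out of the report's flattened layout,
    skipping the '-' separator lines; the first occurrence of each label wins."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    digests = {}
    for label, value in zip(lines, lines[1:]):
        if label in DIGEST_FIELDS and label not in digests and re.fullmatch(r"[0-9a-fA-F]+", value):
            digests[label] = value.lower()
    return digests


def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and compute every digest in DIGEST_FIELDS."""
    hashers = {label: hashlib.new(algo) for label, algo in DIGEST_FIELDS.items()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {label: h.hexdigest() for label, h in hashers.items()}


def verify_sample(path, expected):
    """Return {label: matched} for each expected digest; a single mismatch means the
    file is not the one the report analysed (or the report value was mistyped)."""
    actual = file_digests(path)
    return {label: actual[label] == value.lower()
            for label, value in expected.items() if label in actual}


def write_constructed_sample(data):
    """Write constructed bytes to a temp file and return its path (demo/test helper)."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".bin") as fh:
        fh.write(data)
        return fh.name


if __name__ == "__main__":
    expected = parse_report_digests(REPORT_EXCERPT)
    path = write_constructed_sample(b"not the real sample")  # constructed stand-in
    for label, ok in verify_sample(path, expected).items():
        print(f"{label}: {'match' if ok else 'MISMATCH'}")
```

Point the script at the real sample instead of the constructed stand-in and every field should report a match; a partial match (say SHA256 agrees but MD5 does not) is worth treating as a transcription error in whichever side you trust less rather than a collision.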
Malware Config
Targets
Target: 1535120b5bc9895916425be435dcaaa09a560c59e8d2eb827e15051ac8eb1867
Size: 479KB
MD5, SHA1, SHA256, SHA512, SSDEEP: as listed under General above
Signatures:
Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
RedLine family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1): Windows Service (1)
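The signatures and ATT&CK mapping above describe observed behaviour rather than a way to find it on an endpoint. As an added example (not part of the sandbox report and not the sandbox vendor's code), the script below correlates Sysmon-style process, file and registry events plus a System-log 7045 service-install record to raise the same three findings (dropped EXE executed, Run key added, Windows service created) and tally them by technique ID. The event records, paths, SID and service name are constructed for illustration; the technique IDs T1547.001 and T1543.003 are the ATT&CK Enterprise IDs for the two sub-techniques listed.

```python
"""Added example, not part of the sandbox report: correlate Sysmon-style events to
flag the behaviours this report lists (dropped EXE executed, Run key added, Windows
service installed) and summarise them by ATT&CK technique. The events below are
constructed for illustration; they are not records from the sandbox run."""

# Registry paths whose values autostart at logon (checked case-insensitively).
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")

# ATT&CK Enterprise technique IDs for the two persistence sub-techniques in the report.
TECHNIQUES = {
    "run_key_persistence": "T1547.001",   # Registry Run Keys / Startup Folder
    "service_persistence": "T1543.003",   # Windows Service
}

# Constructed events shaped like Sysmon EventData (IDs 1, 11, 13) plus a System-log
# 7045 service-install record. File names, SID and service name are made up.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4100, "Image": "C:\\Users\\user\\Desktop\\sample.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 11, "ProcessId": 4100, "Image": "C:\\Users\\user\\Desktop\\sample.exe",
     "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\abc123.exe"},
    {"EventID": 1, "ProcessId": 4212, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\abc123.exe",
     "ParentImage": "C:\\Users\\user\\Desktop\\sample.exe"},
    {"EventID": 13, "ProcessId": 4212, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\abc123.exe",
     "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\user\\AppData\\Local\\Temp\\abc123.exe"},
    {"EventID": 7045, "ServiceName": "WinSvcHelper",
     "ImagePath": "C:\\Users\\user\\AppData\\Local\\Temp\\abc123.exe"},
    # Benign registry write under CurrentVersion that must not trigger the Run-key rule.
    {"EventID": 13, "ProcessId": 1234, "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "1"},
]


def analyse(events):
    """Walk events in order and return a list of finding dicts.

    A file created by one process (ID 11) and later started as a process image
    (ID 1) is 'Executes dropped EXE'; a value written under ...\\CurrentVersion\\Run
    or RunOnce (ID 13) is Run-key persistence; a 7045 record is a new service.
    """
    dropped = {}          # lower-cased path -> image of the process that wrote it
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif eid == 1:
            image = ev["Image"].lower()
            if image in dropped:
                findings.append({"signature": "executes_dropped_exe", "technique": None,
                                 "subject": ev["Image"], "detail": "written by " + dropped[image]})
        elif eid == 13:
            key = ev["TargetObject"].lower()
            if any(marker in key for marker in RUN_KEY_MARKERS):
                findings.append({"signature": "run_key_persistence",
                                 "technique": TECHNIQUES["run_key_persistence"],
                                 "subject": ev["TargetObject"], "detail": ev.get("Details", "")})
        elif eid == 7045:
            findings.append({"signature": "service_persistence",
                             "technique": TECHNIQUES["service_persistence"],
                             "subject": ev["ServiceName"], "detail": ev["ImagePath"]})
    return findings


def attack_summary(findings):
    """Count findings per ATT&CK technique ID, like the report's per-technique tally."""
    counts = {}
    for f in findings:
        if f["technique"]:
            counts[f["technique"]] = counts.get(f["technique"], 0) + 1
    return counts


if __name__ == "__main__":
    results = analyse(SAMPLE_EVENTS)
    for f in results:
        print(f["signature"], f["technique"] or "-", f["subject"], f["detail"])
    print(attack_summary(results))
```

The dropped-then-executed rule only fires when the file-create event precedes the process-create event in the stream, so feed events in timestamp order; on a real host you would also want to ignore writes by trusted installers to keep the rule from firing on every software update.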