General
-
Target
d17b05e1af1a4c828e5507c9f497f93cb9fe3deed2ad80a1cb9bd248aa85ee0a
-
Size
559KB
-
Sample
241104-zh7yyswnav
-
MD5
7cf68d3cb151e882e7b220738bc367a4
-
SHA1
0ea9d423547f040f752f48b620cac44785a68f77
-
SHA256
d17b05e1af1a4c828e5507c9f497f93cb9fe3deed2ad80a1cb9bd248aa85ee0a
-
SHA512
a9b6903df80ae492fc4b6ec3f3f1829f0e06fc075883c0182b45069d2217caa32e4dfa6cf8d50ca72aa4862878ea987abcc9118d4e939c4de4def665e760ca62
-
SSDEEP
12288:Yy90/1NvHDbQ0nPrdEKVIeGFaL9OiXM0Mz23zcrJLfrd:YymNLbZzrVIbFasnOzELB
Static task
static1
Behavioral task
behavioral1
Sample
d17b05e1af1a4c828e5507c9f497f93cb9fe3deed2ad80a1cb9bd248aa85ee0a.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
d17b05e1af1a4c828e5507c9f497f93cb9fe3deed2ad80a1cb9bd248aa85ee0a
-
Size
559KB
-
MD5
7cf68d3cb151e882e7b220738bc367a4
-
SHA1
0ea9d423547f040f752f48b620cac44785a68f77
-
SHA256
d17b05e1af1a4c828e5507c9f497f93cb9fe3deed2ad80a1cb9bd248aa85ee0a
-
SHA512
a9b6903df80ae492fc4b6ec3f3f1829f0e06fc075883c0182b45069d2217caa32e4dfa6cf8d50ca72aa4862878ea987abcc9118d4e939c4de4def665e760ca62
-
SSDEEP
12288:Yy90/1NvHDbQ0nPrdEKVIeGFaL9OiXM0Mz23zcrJLfrd:YymNLbZzrVIbFasnOzELB
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1