General
Target: 281b6e997c84bcc37e621a971c44df0e7d26961d9b92d267913d1f6e5e5ce353
Size: 706KB
Sample: 241104-zlcl8axarc
MD5: 59db9eddbcf4ab496013f94b3f55d754
SHA1: 6d8b3e46e539ddfc25d89c35a1b22e4987372198
SHA256: 281b6e997c84bcc37e621a971c44df0e7d26961d9b92d267913d1f6e5e5ce353
SHA512: c345db4f6f2a2a79f8fd7943ad8a3ff84ba83ec4b587915e81161079e129e6adb42a28e2221666622cdd3f78c35dbc4a6a7cb9b43f10da925f2e729c8b1889a6
SSDEEP: 12288:Py90oXxWHihGUyNlPHyIaL/CkwwzFfCdrcJY8c0dPZzEVZmpvihi:PyXXxWCClPHcwjrcTcW6VQgi
Static task: static1
Behavioral task: behavioral1
Sample: 281b6e997c84bcc37e621a971c44df0e7d26961d9b92d267913d1f6e5e5ce353.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 281b6e997c84bcc37e621a971c44df0e7d26961d9b92d267913d1f6e5e5ce353 (size and hashes as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)