General
- Target: 0cc79a16dea71eefabe08a409d7d84db470587bcafdeb7e128df71fa23a0d1b0
- Size: 700KB
- Sample: 241104-zps4dazlbp
- MD5: c6c906f85bc9b047cfa4e1b33f0b2b51
- SHA1: 3e34734a7201343d4bfc97aa598d17b1020d3d44
- SHA256: 0cc79a16dea71eefabe08a409d7d84db470587bcafdeb7e128df71fa23a0d1b0
- SHA512: 5f7810703a9f08789c208d177a0abb8c213758f5ca38da76279e86fa964721dd7efe9e7b9a2ea8bbcde14a0993c89ce61d45c8fddd103db78c43e5d1fea9861b
- SSDEEP: 12288:Py90Q5MBmkNtJrlq6Kjg/d/XUuHbYsock2q3pOegA5U4HGMaajKMVdbo6M9slAEB:PyQmkTJrl/jdv/Usop2kpPhmra2ukL2d

Static task: static1

Behavioral task: behavioral1
- Sample: 0cc79a16dea71eefabe08a409d7d84db470587bcafdeb7e128df71fa23a0d1b0.exe
- Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: 0cc79a16dea71eefabe08a409d7d84db470587bcafdeb7e128df71fa23a0d1b0
Signatures
- Detects Healer an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)