General
-
Target
edb5e4e8c0c574d7c963916f5b054a99ee4386a3d41d1813eee3a0c76ff13389
-
Size
562KB
-
Sample
241109-1h43qsshlj
-
MD5
6de0507cc202f3dcc63cb33717c76dc7
-
SHA1
d003d86bcd795851abe4ebfc9304e7a6f861efc5
-
SHA256
edb5e4e8c0c574d7c963916f5b054a99ee4386a3d41d1813eee3a0c76ff13389
-
SHA512
d846bb75a7bca676a468f7506a689aeea61d2b735fa0023d96ae7e283e2474ba96b7a6f17898ebb87e883f61e51bd9aabaacf9750b7938848d76ca1e8c20c982
-
SSDEEP
12288:7y90Et8Q9Ce3NbpVBk6I91jLtuBMIzbdsrdi2vP689ix:7yvtPMe3d/q6I913t4+42Kgc
Static task
static1
Behavioral task
behavioral1
Sample
edb5e4e8c0c574d7c963916f5b054a99ee4386a3d41d1813eee3a0c76ff13389.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
edb5e4e8c0c574d7c963916f5b054a99ee4386a3d41d1813eee3a0c76ff13389
-
Size
562KB
-
MD5
6de0507cc202f3dcc63cb33717c76dc7
-
SHA1
d003d86bcd795851abe4ebfc9304e7a6f861efc5
-
SHA256
edb5e4e8c0c574d7c963916f5b054a99ee4386a3d41d1813eee3a0c76ff13389
-
SHA512
d846bb75a7bca676a468f7506a689aeea61d2b735fa0023d96ae7e283e2474ba96b7a6f17898ebb87e883f61e51bd9aabaacf9750b7938848d76ca1e8c20c982
-
SSDEEP
12288:7y90Et8Q9Ce3NbpVBk6I91jLtuBMIzbdsrdi2vP689ix:7yvtPMe3d/q6I913t4+42Kgc
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1