General
- Target: 0c2a184d78f5c6c0872204657545487ad608bce07f3015d725403cb84db98681
- Size: 1.5MB
- Sample: 241109-1hn2hssjft
- MD5: 854cdad4ac5a571dc230c75230a6e8b3
- SHA1: 915cd7a0f33797a95b8783c87bc820c179b42a3b
- SHA256: 0c2a184d78f5c6c0872204657545487ad608bce07f3015d725403cb84db98681
- SHA512: 7e484df54b9cc588cb0615e4bd991e1ef7f3fedb1eaba2603043d47451a37bfbdf5cba7bf870aec2f49a9d9a85dea6d19d680f2b5d07cc10bf7bfa42ff170884
- SSDEEP: 24576:NyragUZGcYpZh6nKd1bwxs0RKyyDYrDk/KjHUxdfrgHAwpq7BbYgknVuBnrY2SMc:oWgxc5K7bKTRhjydfrgvG9YhuBnrAQT
Static task: static1
Behavioral task: behavioral1
- Sample: 0c2a184d78f5c6c0872204657545487ad608bce07f3015d725403cb84db98681.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 0c2a184d78f5c6c0872204657545487ad608bce07f3015d725403cb84db98681 (1.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP values are the same as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)