General
- Target: 6a0fd52012926bced3c7c551f27ba345b8cdbfe8462f48b81671bde2702e4766
- Size: 1.5MB
- Sample: 241109-d852dswlez
- MD5: 3fea863686ae1eeaaa56b91d7ae2b5ba
- SHA1: b49cd2d6cea2db1188a9ff27d8bec40342d61691
- SHA256: 6a0fd52012926bced3c7c551f27ba345b8cdbfe8462f48b81671bde2702e4766
- SHA512: f49e8f295ccca3985fba7ab64029c2dde108ec5bd9de39282c67d63df293c98b215c4bac7bba36e6919905c991dff7b01e3fbdf2bca41a15aeeaa0ff4e969ccc
- SSDEEP: 24576:wy+Tz7NL9zt4a9IJJTFGF5ZTUXXG/Jmav/iIVCPhPfh+r/p:3+Tz7jR92JIFsnGxRacCPJ5

Static task: static1

Behavioral task: behavioral1
- Sample: 6a0fd52012926bced3c7c551f27ba345b8cdbfe8462f48b81671bde2702e4766.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)