General
Target: 289f92162e4ccd8ffa1151a5d09efdf5fe31e823bf12c789e902260eceb69da5
Size: 569KB
Sample: 241109-d8gzkaxajq
MD5: fadecf2d1734f4f661f480232b53c4d1
SHA1: d13efb9955e2f9e6a71fec0b9ab37a5aeb5106b1
SHA256: 289f92162e4ccd8ffa1151a5d09efdf5fe31e823bf12c789e902260eceb69da5
SHA512: 88484b07b522e8dba2a53be39a91da4a455ac4a808640308dbf602d2dd43181e5a208660763231c5fc46271c130b3d1aa76b602e302ec2a91842d9ca8820e8e8
SSDEEP: 12288:qy90tV9z5H6no3msE/UrJ6kPZ4JxH233ir4eN32UHUoD8Y:qy2PV8sD4WZqs3Sr4e5J028Y
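The Target identifier above is simply the sample's SHA256, and the report lists four digests of the same file. When checking a suspect file against these indicators, hash it once and compare on the strongest algorithm: an MD5-only or SHA-1-only hit is a lead to confirm against the SHA256, not a confirmation, because both of those algorithms are collision-prone. The following is an added example, not code from the report or the sandbox; the digests are copied from the page, and the empty-input and file-path inputs are assumptions for illustration.

```python
import hashlib
from typing import Dict, Optional

# Indicators copied from the report above (the Target field equals the SHA256).
REPORT_IOCS: Dict[str, str] = {
    "md5": "fadecf2d1734f4f661f480232b53c4d1",
    "sha1": "d13efb9955e2f9e6a71fec0b9ab37a5aeb5106b1",
    "sha256": "289f92162e4ccd8ffa1151a5d09efdf5fe31e823bf12c789e902260eceb69da5",
    "sha512": "88484b07b522e8dba2a53be39a91da4a455ac4a808640308dbf602d2dd43181e"
              "5a208660763231c5fc46271c130b3d1aa76b602e302ec2a91842d9ca8820e8e8",
}

# Strongest first: a match lower in this list is weaker evidence.
PREFERENCE = ("sha512", "sha256", "sha1", "md5")


def digest_all(data: bytes) -> Dict[str, str]:
    """Compute every algorithm the report lists over an in-memory buffer in one pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as digest_all, but streams a file so large samples do not need to fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    with open(path, "rb") as fh:  # path is an assumed, caller-supplied location
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> Optional[str]:
    """Return the strongest algorithm whose digest equals the report's, or None.

    Treat 'sha256'/'sha512' as a confirmed match; treat 'sha1'/'md5' alone as a
    lead that still needs the SHA256 checked, since those algorithms are collision-prone.
    """
    for name in PREFERENCE:
        if name in digests and name in iocs and digests[name].lower() == iocs[name].lower():
            return name
    return None


def verdict(digests: Dict[str, str]) -> str:
    """Human-readable triage verdict derived from match_iocs."""
    hit = match_iocs(digests)
    if hit in ("sha512", "sha256"):
        return "confirmed: same file as the report"
    if hit in ("sha1", "md5"):
        return f"weak: {hit} matches only; verify against SHA256"
    return "no match"


if __name__ == "__main__":
    # Demonstration on constructed input (an empty buffer), not on the real sample.
    print(verdict(digest_all(b"")))
```

To check a file on disk, call `verdict(digest_file("/path/to/suspect.exe"))`; a result of "confirmed" means the SHA256 (or SHA512) matched the report.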
Static task: static1
Behavioral task: behavioral1
Sample: 289f92162e4ccd8ffa1151a5d09efdf5fe31e823bf12c789e902260eceb69da5.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 289f92162e4ccd8ffa1151a5d09efdf5fe31e823bf12c789e902260eceb69da5 (569KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus-disabler dropper
- Healer family
- RedLine: RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1 signature
  - Registry Run Keys / Startup Folder (T1547.001): 1 signature
- Create or Modify System Process (T1543): 1 signature
  - Windows Service (T1543.003): 1 signature
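The two behavioral signatures above, "Executes dropped EXE" and "Adds Run key to start application" (T1547.001), are a chain worth detecting together: a process writes a new executable, that executable runs, and it registers itself under a CurrentVersion\Run key. The following is an added example, not code from the report or the sandbox, showing that correlation over a handful of constructed Sysmon-style events (event IDs 1 process create, 11 file create, 13 registry value set; the paths, SID and value name are invented for illustration). It does not cover the service-creation technique (T1543.003) also listed above.

```python
import re
from typing import Dict, List, Tuple

# One event = (Sysmon event ID, selected fields). Constructed for this example,
# not taken from the report's trace.
Event = Tuple[int, Dict[str, str]]

SAMPLE = r"C:\Users\victim\Desktop\289f92162e4ccd8ffa1151a5d09efdf5fe31e823bf12c789e902260eceb69da5.exe"
DROPPED = r"C:\Users\victim\AppData\Local\Temp\svchost_update.exe"  # hypothetical dropped payload

SAMPLE_EVENTS: List[Event] = [
    (1,  {"Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"}),
    (11, {"Image": SAMPLE, "TargetFilename": DROPPED}),
    (1,  {"Image": DROPPED, "ParentImage": SAMPLE}),
    (13, {"Image": DROPPED,
          "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost_update",
          "Details": DROPPED}),
    # Benign control: an installer in Program Files registering an autostart entry.
    (13, {"Image": r"C:\Program Files\Vendor\setup.exe",
          "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
          "Details": r"C:\Program Files\Vendor\agent.exe"}),
]

# Autostart locations covered by T1547.001 (HKCU/HKU and HKLM, Run and RunOnce).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Locations a non-admin user can write to; autostarts pointing here deserve a closer look.
USER_WRITABLE_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\|\\Temp\\|\\ProgramData\\", re.IGNORECASE)


def analyze(events: List[Event]) -> Dict[str, List[str]]:
    """Replay events in order and emit findings named after the report's signatures."""
    findings: Dict[str, List[str]] = {
        "Executes dropped EXE": [],
        "Adds Run key to start application": [],
    }
    dropped: Dict[str, str] = {}  # lower-cased path of a written .exe -> image that wrote it

    for event_id, f in events:
        if event_id == 11 and f.get("TargetFilename", "").lower().endswith(".exe"):
            dropped[f["TargetFilename"].lower()] = f.get("Image", "")
        elif event_id == 1 and f.get("Image", "").lower() in dropped:
            writer = dropped[f["Image"].lower()]
            findings["Executes dropped EXE"].append(f"{f['Image']} (written by {writer})")
        elif event_id == 13 and RUN_KEY_RE.search(f.get("TargetObject", "")):
            target = f.get("Details", "")
            # High severity when the autostart points at a file dropped during this trace
            # or at a user-writable directory; otherwise record it for review only.
            suspicious = target.lower() in dropped or bool(USER_WRITABLE_RE.search(target))
            severity = "high" if suspicious else "info"
            findings["Adds Run key to start application"].append(
                f"[{severity}] {f['TargetObject']} -> {target}"
            )
    return findings


if __name__ == "__main__":
    for signature, hits in analyze(SAMPLE_EVENTS).items():
        for hit in hits:
            print(f"{signature}: {hit}")
```

The ordering matters: the file-create event must be seen before the process-create event for the dropped path to be recognised, which is why the function replays events chronologically and keeps the written-file map across the whole trace.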