General
Target: faaad7638faeb52279aeeeb535f67b8551f0bf021e69bd6d92b9c2eeeef545ae
Size: 694KB
Sample: 241109-ebxjeszkcn
MD5: 15c29f6989488058d1f7392e32cfe5d0
SHA1: 23180899e1d79e2113a131b81507a448eab9a4a2
SHA256: faaad7638faeb52279aeeeb535f67b8551f0bf021e69bd6d92b9c2eeeef545ae
SHA512: dc85a9e2f5ba784698fd26bc47870a5db06549147095ba05dcddff79882f24a1895c4cb6aef6f496ab6a562e9aeab98616082b46033dff9f6408c660515ed351
SSDEEP: 12288:hy90tgcZ64Q+NWUfwqBxjTxVadKGO0alt8Ez7wvqA4gf:hyHs6b+NWwwqZVadKG6L8s7s
Static task: static1
Behavioral task: behavioral1
Sample: faaad7638faeb52279aeeeb535f67b8551f0bf021e69bd6d92b9c2eeeef545ae.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: faaad7638faeb52279aeeeb535f67b8551f0bf021e69bd6d92b9c2eeeef545ae
Size: 694KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)