General

Target: 7ab02532136b0f8dc42de866be5bac0cad35532b51776d2489f041c81961c365
Size: 691KB
Sample: 241109-ed6j4szkgj
MD5: 135e833eba52dc3a629f9db8dafa94a3
SHA1: 20c2b9be22893d577396cc17a9f5a7d3cb29e650
SHA256: 7ab02532136b0f8dc42de866be5bac0cad35532b51776d2489f041c81961c365
SHA512: b180bb2bfd94af9fa66dc84bde158a26df3b0e66594a047d397f6921be8557b294032b1e32e6ade770fe4b410e5ad34918ec54c525f0a92853c9dca6c6200d28
SSDEEP: 12288:+y90YDZ6hErxzJBv0bVpBL3mqp4SuyCZR4V/e2m7zfKANB3P32xUL:+y/ldzJNYX3mfygsG2hANQOL

Static task: static1
Behavioral task: behavioral1
Sample: 7ab02532136b0f8dc42de866be5bac0cad35532b51776d2489f041c81961c365.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 7ab02532136b0f8dc42de866be5bac0cad35532b51776d2489f041c81961c365 (691KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
- Create or Modify System Process: Windows Service