General
Target: 66f5f8ab44c11e1b9a0282a1eeabf3c6b860ac7d953c3e73dcdc8bb2fa038e4a
Size: 568KB
Sample: 241109-eg5f8axbnh
MD5: 981860311d3cc450d9ff35cda99bc5b9
SHA1: fabef866c86ec97f76003269412a6cc9ba8687cf
SHA256: 66f5f8ab44c11e1b9a0282a1eeabf3c6b860ac7d953c3e73dcdc8bb2fa038e4a
SHA512: 563133c559bb44c22ce8e9ad629acc6a8c3618c1e31ef84796a919e20aaea32a44aace9a861317a53d073088aadbc09e12b86e897214528b35e7c166a75b044f
SSDEEP: 12288:4y90rXKTdRDh7qurprpiYtOcXgE4poIdx0:4y+XGdR1eTYtnKL0
Static task: static1
Behavioral task: behavioral1
Sample: 66f5f8ab44c11e1b9a0282a1eeabf3c6b860ac7d953c3e73dcdc8bb2fa038e4a.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)