General
-
Target
377e39ac6b592c81202a49627a311e67a948daeb950ac3823f2b69f0318d6450
-
Size
376KB
-
Sample
241109-eh6exawnex
-
MD5
fdf4ad48c5c9a8f7f85c8dfb461a1702
-
SHA1
ffc2f7486a3568c32b6ce0839222516e9dd666da
-
SHA256
377e39ac6b592c81202a49627a311e67a948daeb950ac3823f2b69f0318d6450
-
SHA512
4d3668b390fc5070cb4d50bbfe69d23c723205e590b7730ee9bf2ea3d0be0e34cea58223571ac3b5cc1a6ac5567e072c89e2376eb81e325f17ee67625da4045d
-
SSDEEP
6144:Kny+bnr+Hp0yN90QEEbVgUy5uMeyA/oE65PTEYuiVCcZRtNWYP1:NMrTy90jnReyA565oYuiVCcNNn
Static task
static1
Behavioral task
behavioral1
Sample
377e39ac6b592c81202a49627a311e67a948daeb950ac3823f2b69f0318d6450.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
377e39ac6b592c81202a49627a311e67a948daeb950ac3823f2b69f0318d6450
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)