General
Target: ab2f235d205473d9c034562b255bc94867b126d3f4a63ae0947ff2b0eeefde34
Size: 690KB
Sample: 241109-ehmykaxbpe
MD5: 3189d1b8a1a8d51c05af732377f00fe2
SHA1: 8a0c7a8328afcb59ca7683519c17e65a57865d78
SHA256: ab2f235d205473d9c034562b255bc94867b126d3f4a63ae0947ff2b0eeefde34
SHA512: 54cf30a84988921052a7ecdf236116a655995323ca4048344202f231c3d8c8d436bacf3b54f150e27b7a2d30a447e3071d6bd18ae2106164f83446572bfb646b
SSDEEP: 12288:ey90PwJ5PvfNuWZ0E1gSDaTUBOKPZqhZ2iy04lD2/mxQPeaka:eypp0u5yZ2T92/Yla
Static task: static1
Behavioral task: behavioral1
Sample: ab2f235d205473d9c034562b255bc94867b126d3f4a63ae0947ff2b0eeefde34.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
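The hashes in the General section and the "Adds Run key to start application" behaviour (T1547.001 in the mapping above) are what a responder would take from this report to an endpoint. The Python below is an added example, not part of the sandbox report or of any tool it names: it compares a file's digests with the report's MD5/SHA1/SHA256, and flags registry writes under the Run/RunOnce keys, scoring a hit higher when the value points into a user-writable directory (the "Executes dropped EXE" pattern). The record format, the registry and file paths, and the msiexec allow-list are constructed for the example and are not taken from the report.

```python
"""Endpoint hunt checks derived from the sandbox verdicts above.

1. match_iocs(): compare a file's digests with the report's MD5/SHA1/SHA256.
2. find_run_key_persistence(): flag registry writes under Run/RunOnce (T1547.001).
Only the three hashes come from the report; every path and record below is constructed.
"""
import hashlib
import re

# Hashes copied from the report's General section.
SAMPLE_IOCS = {
    "md5": "3189d1b8a1a8d51c05af732377f00fe2",
    "sha1": "8a0c7a8328afcb59ca7683519c17e65a57865d78",
    "sha256": "ab2f235d205473d9c034562b255bc94867b126d3f4a63ae0947ff2b0eeefde34",
}


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 hex digests of a byte string (a file's contents)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_iocs(data: bytes, iocs: dict = SAMPLE_IOCS) -> list:
    """Return the algorithms whose digest of `data` equals the IOC value.

    All three are compared so a typo in one copied hash cannot hide a hit;
    an empty list means the file is not this sample.
    """
    digests = hash_bytes(data)
    return [alg for alg, ioc in iocs.items() if digests.get(alg) == ioc.lower()]


# Autostart keys whose values run at logon (T1547.001). Matched on the path after
# the hive prefix so HKCU, HKLM and HKU\<SID> spellings are all caught.
RUN_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)
# Directories a standard user can write to; a Run value pointing here fits a
# dropped executable rather than an installed product.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)
# Assumption for the example: writers whose Run-key changes are treated as benign.
ALLOWLISTED_WRITERS = {r"c:\windows\system32\msiexec.exe"}


def parse_event(line: str) -> dict:
    """Parse one constructed 'Key=Value|Key=Value' registry-set record."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def find_run_key_persistence(events: list) -> list:
    """Return (event, severity) for writes under Run/RunOnce keys.

    'high' when the written value points into a user-writable path, else
    'medium'. Writes by allow-listed installers are dropped as noise.
    """
    hits = []
    for ev in events:
        if not RUN_KEY_RE.search(ev.get("TargetObject", "")):
            continue
        if ev.get("Image", "").lower() in ALLOWLISTED_WRITERS:
            continue
        severity = "high" if USER_WRITABLE_RE.search(ev.get("Details", "")) else "medium"
        hits.append((ev, severity))
    return hits


# Constructed registry-set records in a Sysmon Event ID 13 style; not from the report.
CONSTRUCTED_EVENTS = [
    r"EventID=13|Image=C:\Users\victim\AppData\Local\Temp\dropped.exe"
    r"|TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater"
    r"|Details=C:\Users\victim\AppData\Local\Temp\dropped.exe",
    r"EventID=13|Image=C:\Windows\System32\msiexec.exe"
    r"|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray"
    r"|Details=C:\Program Files\Vendor\tray.exe",
    r"EventID=13|Image=C:\Windows\explorer.exe"
    r"|TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"
    r"|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Users\victim\Downloads\setup.exe"
    r"|TargetObject=HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Stage2"
    r"|Details=C:\Program Files (x86)\Stage\stage2.exe",
]


def hunt(lines: list = CONSTRUCTED_EVENTS) -> list:
    """Parse the records and return [(value name, writer image, severity), ...]."""
    events = [parse_event(line) for line in lines]
    return [
        (ev["TargetObject"].rsplit("\\", 1)[-1], ev["Image"], sev)
        for ev, sev in find_run_key_persistence(events)
    ]


if __name__ == "__main__":
    print("IOC match on junk bytes:", match_iocs(b"not the sample"))
    for name, image, severity in hunt():
        print(f"{severity:6} {name:10} written by {image}")
```

Running the module prints no IOC match for the junk bytes and two Run-key hits out of the four constructed records: the Temp-resident value written by the dropped executable at high severity, the RunOnce value under Wow6432Node at medium, with the msiexec write and the unrelated Explorer setting filtered out. Feed real Sysmon Event ID 13 output through `parse_event` (or replace it with your SIEM's field mapping) and tune `ALLOWLISTED_WRITERS` to the estate before relying on the medium-severity tier.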