General
- Target: 987145348116059ca96d7ad268fde2775e613b4da73499f0cff8683158a5c978
- Size: 828KB
- Sample: 241109-en13daxcrf
- MD5: 2cdd9715f82bd8555df65d402aef2c5a
- SHA1: e7665f403f3a3e1a228dad76ca0d91e477d39998
- SHA256: 987145348116059ca96d7ad268fde2775e613b4da73499f0cff8683158a5c978
- SHA512: 7fd1ba6ec3357fbad321c91851c03197a23fdb763654f6afdca727259962ada17ce4b593a129e6ffc9facaacc373b65b536eb41c88808678fdf01bc766a40713
- SSDEEP: 12288:1y905qoigyCysbphgywnJNYaTmemoET6tGAeDduW9N387wQIZ0yqgbf597ZSzn:1yeqtgFysbbVwn1TDMT3DduWrNZ+gon
Static task: static1
Behavioral task: behavioral1
Sample: 987145348116059ca96d7ad268fde2775e613b4da73499f0cff8683158a5c978.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 987145348116059ca96d7ad268fde2775e613b4da73499f0cff8683158a5c978
- Size: 828KB
- MD5: 2cdd9715f82bd8555df65d402aef2c5a
- SHA1: e7665f403f3a3e1a228dad76ca0d91e477d39998
- SHA256: 987145348116059ca96d7ad268fde2775e613b4da73499f0cff8683158a5c978
- SHA512: 7fd1ba6ec3357fbad321c91851c03197a23fdb763654f6afdca727259962ada17ce4b593a129e6ffc9facaacc373b65b536eb41c88808678fdf01bc766a40713
- SSDEEP: 12288:1y905qoigyCysbphgywnJNYaTmemoET6tGAeDduW9N387wQIZ0yqgbf597ZSzn:1yeqtgFysbbVwn1TDMT3DduWrNZ+gon
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)