General
-
Target
2d4296d43843662f39bb08ba9d20c65eb1b8a6ac0083b1e503c7f5a9bdb251e6
-
Size
695KB
-
Sample
241109-f3phka1nfq
-
MD5
30436baa6e7adc0a2d74848da5c0efc1
-
SHA1
74a9556a658e5b880fede4eed38d4a1b7f026cdf
-
SHA256
2d4296d43843662f39bb08ba9d20c65eb1b8a6ac0083b1e503c7f5a9bdb251e6
-
SHA512
3953aaa0793e85c37fd9c5122e2a4037a869b9c1aca8afa68c767f0aa7a5dd58efe3845e142fd42d72e34408719a7d09c237ef480765e28c913a3c42e0b26eb7
-
SSDEEP
12288:Sy90hPwQ4lprci33OEIoPGjtTesQTQGfBqFXYpcOBbf6jjp89Fe:Syy9WrcDEIIyTQUGpcXYptBbSjj2e
Static task
static1
Behavioral task
behavioral1
Sample
2d4296d43843662f39bb08ba9d20c65eb1b8a6ac0083b1e503c7f5a9bdb251e6.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2d4296d43843662f39bb08ba9d20c65eb1b8a6ac0083b1e503c7f5a9bdb251e6
-
Size
695KB
-
MD5
30436baa6e7adc0a2d74848da5c0efc1
-
SHA1
74a9556a658e5b880fede4eed38d4a1b7f026cdf
-
SHA256
2d4296d43843662f39bb08ba9d20c65eb1b8a6ac0083b1e503c7f5a9bdb251e6
-
SHA512
3953aaa0793e85c37fd9c5122e2a4037a869b9c1aca8afa68c767f0aa7a5dd58efe3845e142fd42d72e34408719a7d09c237ef480765e28c913a3c42e0b26eb7
-
SSDEEP
12288:Sy90hPwQ4lprci33OEIoPGjtTesQTQGfBqFXYpcOBbf6jjp89Fe:Syy9WrcDEIIyTQUGpcXYptBbSjj2e
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1