General
- Target: cb190aee6e12dc0c81fbfcd479ca53e2983e69e172b6897ebd7f8271696e836b
- Size: 653KB
- Sample: 241109-fjffjs1kcj
- MD5: 9f854e0263a0e0538da1c2b596a3f93f
- SHA1: 6922409845c1d42403392c5e3f6d2a5187547fd1
- SHA256: cb190aee6e12dc0c81fbfcd479ca53e2983e69e172b6897ebd7f8271696e836b
- SHA512: 172ba98ddd9faefc47844311936fa9dd3c485a82d2a8731fe7b4af83dad6ff056409e72f8159601c2dc1b3060874a671d3aac085424151a374cbdbe22a384978
- SSDEEP: 12288:uy90uFdjii4NWhhbCRzJU2s/uHeLve2PGzc3vNBaZZ24gg8CnI:uyD4c9CpJjsueL22tvNTuI
Static task: static1
Behavioral task: behavioral1
Sample: cb190aee6e12dc0c81fbfcd479ca53e2983e69e172b6897ebd7f8271696e836b.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: cb190aee6e12dc0c81fbfcd479ca53e2983e69e172b6897ebd7f8271696e836b
- Size: 653KB
- MD5: 9f854e0263a0e0538da1c2b596a3f93f
- SHA1: 6922409845c1d42403392c5e3f6d2a5187547fd1
- SHA256: cb190aee6e12dc0c81fbfcd479ca53e2983e69e172b6897ebd7f8271696e836b
- SHA512: 172ba98ddd9faefc47844311936fa9dd3c485a82d2a8731fe7b4af83dad6ff056409e72f8159601c2dc1b3060874a671d3aac085424151a374cbdbe22a384978
- SSDEEP: 12288:uy90uFdjii4NWhhbCRzJU2s/uHeLve2PGzc3vNBaZZ24gg8CnI:uyD4c9CpJjsueL22tvNTuI
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
  - Windows Service: 1