General

Target: 34558e1d0ad02b380a4fb64c91017d560b0b59083c296824edb58e2fdfd11bf0
Size: 685KB
Sample: 241109-fkjjlayalf
MD5: 490cbe73059051ec7a0c664ed931b87c
SHA1: eabef182eedfd668dd8a442b8ac31f6fa2889782
SHA256: 34558e1d0ad02b380a4fb64c91017d560b0b59083c296824edb58e2fdfd11bf0
SHA512: ab887ca00fca3b992964f108b73839cee8cb9442cdf71cb057ede8335b609f0510f7003dcf9282fb7019545629e251bb76bf6630472bcdd5dc4f9559b3c706d3
SSDEEP: 12288:Py90lHNaHw8Mmw2sDBTqFmyCSzGgBIVbMNHGYmNx5ntwO/oVdBhx:PymAHwIweAS609GtNHn1g/hx
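
Before acting on this verdict, confirm that the file you hold is the one the sandbox analysed by recomputing the digests listed above. The script below is an added example, not part of the sandbox report: it uses only the Python standard library, so the SSDEEP fuzzy hash (which needs a third-party ssdeep binding) is not recomputed, and the size check treats the report's "685KB" as a rounded figure with a one-kilobyte tolerance, which is an assumption about the report's rounding. The file path on the command line is the only input.

```python
import hashlib
import hmac
import sys

# Digests exactly as published in the report's General section.
REPORT_HASHES = {
    "md5": "490cbe73059051ec7a0c664ed931b87c",
    "sha1": "eabef182eedfd668dd8a442b8ac31f6fa2889782",
    "sha256": "34558e1d0ad02b380a4fb64c91017d560b0b59083c296824edb58e2fdfd11bf0",
    "sha512": "ab887ca00fca3b992964f108b73839cee8cb9442cdf71cb057ede8335b609f05"
              "10f7003dcf9282fb7019545629e251bb76bf6630472bcdd5dc4f9559b3c706d3",
}
REPORT_SIZE_KB = 685  # the report rounds; exact byte count is not given


def compute_hashes(data: bytes) -> dict:
    """Lowercase hex digests for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def compare_hashes(data: bytes, expected: dict) -> dict:
    """Per-algorithm match result against an expected digest table."""
    actual = compute_hashes(data)
    # compare_digest is not needed against a public hash, but it is the habit
    # worth keeping for any digest comparison.
    return {name: hmac.compare_digest(actual[name], expected[name]) for name in expected}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed digest matches; a single mismatch fails."""
    return all(compare_hashes(data, expected).values())


def size_matches(length: int, report_kb: int = REPORT_SIZE_KB) -> bool:
    """Sanity check against the rounded size; assumes 1 KB = 1024 bytes, +/- 1 KB."""
    return abs(round(length / 1024) - report_kb) <= 1


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <path-to-sample>")
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    results = compare_hashes(blob, REPORT_HASHES)
    for name, ok in results.items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
    print(f"size    {'plausible' if size_matches(len(blob)) else 'differs'} ({len(blob)} bytes)")
    sys.exit(0 if all(results.values()) else 1)
```

Any mismatch means the local file is not the artefact this report describes, and the behavioural findings below should not be attributed to it.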
Static task: static1
Behavioral task: behavioral1
Sample: 34558e1d0ad02b380a4fb64c91017d560b0b59083c296824edb58e2fdfd11bf0.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 34558e1d0ad02b380a4fb64c91017d560b0b59083c296824edb58e2fdfd11bf0 (685KB; the same file as under General, with identical MD5, SHA1, SHA256, SHA512 and SSDEEP)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1