General
- Target: 2c9521462876f44a3c3ff2300a7b9c4d90924ca4a4e045691f89f1e837becbb0
- Size: 568KB
- Sample: 241109-fls5esxmbw
- MD5: 9830817982d399d4fc989c79cce60959
- SHA1: a055ed2e3394a773d6996b0a549c00678fa944e3
- SHA256: 2c9521462876f44a3c3ff2300a7b9c4d90924ca4a4e045691f89f1e837becbb0
- SHA512: 927c0e582745fe0cf6ac3e3dddd604b59ee94dcf1c08796f0055c9b84b71edcfb85569bfa6c3801a8211397d7c868847ff98f2e9f2676c40be716a4050c63bd1
- SSDEEP: 12288:0y90pzoxSMQwcFhr+TeDxE9JKOrZm6/UD8n6+6Wl+SvioS:0yScxSHwEDNEPBZSZSqoS
Static task: static1
Behavioral task: behavioral1
- Sample: 2c9521462876f44a3c3ff2300a7b9c4d90924ca4a4e045691f89f1e837becbb0.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 2c9521462876f44a3c3ff2300a7b9c4d90924ca4a4e045691f89f1e837becbb0
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)