General
Target: 8ddfdda1be4f4c4edccd33ddf9dfd7356d69a7da680f3254480ccc1a513621de
Size: 919KB
Sample: 241109-fqvh2syblg
MD5: aa9ee0550f42f4a7875efa4ff33dc7b7
SHA1: f1d39b41ec9c5b4aba312340eb9715dbfd7135be
SHA256: 8ddfdda1be4f4c4edccd33ddf9dfd7356d69a7da680f3254480ccc1a513621de
SHA512: 1b9488bbb95f38c0a3cc5a26468f43e74e066447b6f9dea9ba53ea4fa301a21203e6a8f60186ffb3bebaacea1b8dd58ded839b66ae1e5cca67eb280b4c856e3e
SSDEEP: 24576:aymK41zZDbDUMw5CkKApOcu1CD7yraWvN9Ag/vgS:hmK4BZm5pMwGGWVyav
Static task: static1
Behavioral task: behavioral1
Sample: 8ddfdda1be4f4c4edccd33ddf9dfd7356d69a7da680f3254480ccc1a513621de.exe
Resource: win10v2004-20241007-en
Malware Config: no entries in this report
Targets
Target: 8ddfdda1be4f4c4edccd33ddf9dfd7356d69a7da680f3254480ccc1a513621de (919KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Detects Healer, an antivirus-disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application (registry Run-key persistence)
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547), 1 hit: Registry Run Keys / Startup Folder (T1547.001), 1 hit
- Create or Modify System Process (T1543), 1 hit: Windows Service (T1543.003), 1 hit
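The report gives four file hashes for the sample and flags Run-key persistence ("Adds Run key to start application"). The following triage helper is an added example, not code from the sandbox or from the malware: it computes all four digests of a file in one pass and compares them with the indicators above, and it scores Run-key entries by whether the referenced executable matches an indicator or sits in a user-writable directory. The staging-directory list and the SAMPLE_ENTRIES values are constructed assumptions of this example, not findings of the report; read_run_keys() only works on Windows, so the digest lookup is injectable and the demo runs offline elsewhere.

```python
# Added triage helper (not part of the sandbox report or the malware): hashes
# files against the indicators above and flags Run-key persistence entries.
import hashlib
import re
import sys

# Indicators copied verbatim from the report.
IOC_HASHES = {
    "md5": "aa9ee0550f42f4a7875efa4ff33dc7b7",
    "sha1": "f1d39b41ec9c5b4aba312340eb9715dbfd7135be",
    "sha256": "8ddfdda1be4f4c4edccd33ddf9dfd7356d69a7da680f3254480ccc1a513621de",
    "sha512": "1b9488bbb95f38c0a3cc5a26468f43e74e066447b6f9dea9ba53ea4fa301a212"
              "03e6a8f60186ffb3bebaacea1b8dd58ded839b66ae1e5cca67eb280b4c856e3e",
}
# Heuristic assumption of this example (not a finding of the report).
STAGING_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# Constructed Run-key values for the offline demo in main.
SAMPLE_ENTRIES = [
    ("Updater", '"C:\\Users\\x\\AppData\\Roaming\\svc.exe" /silent'),
    ("Vendor", "C:\\Program Files\\Vendor\\app.exe"),
]
_EXE_RE = re.compile(r'^\s*"?(.+?\.exe)"?(?:\s|$)', re.IGNORECASE)

def digest_bytes(data):
    """All four digests of an in-memory blob."""
    return {n: hashlib.new(n, data).hexdigest() for n in IOC_HASHES}

def digest_file(path, chunk=1 << 20):
    """All four digests of a file, read once in chunks."""
    hashers = {n: hashlib.new(n) for n in IOC_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {n: h.hexdigest() for n, h in hashers.items()}

def matches_ioc(digests):
    """Algorithms whose digest equals the report's indicator; empty if none."""
    return [n for n, v in IOC_HASHES.items() if digests.get(n) == v]

def extract_executable(command):
    """Executable path from a Run-key command line (quoted or bare), else None."""
    m = _EXE_RE.match(command)
    return m.group(1) if m else None

def triage_run_entries(entries, digest_lookup):
    """Return (value_name, executable, reasons) for each suspicious Run entry.
    digest_lookup(path) -> digests dict, or None if the file cannot be read;
    it is injected so the logic can run without a real filesystem."""
    findings = []
    for name, command in entries:
        exe = extract_executable(command)
        if exe is None:
            continue
        reasons = []
        if any(d in exe.lower() for d in STAGING_DIRS):
            reasons.append("target in user-writable staging directory")
        digests = digest_lookup(exe)
        if digests is None:
            reasons.append("target missing or unreadable")
        elif matches_ioc(digests):
            reasons.append("hash matches report IOC (" + ", ".join(matches_ioc(digests)) + ")")
        if reasons:
            findings.append((name, exe, reasons))
    return findings

def read_run_keys():
    """Enumerate HKCU and HKLM CurrentVersion\\Run values (Windows only)."""
    import winreg
    entries = []
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            key = winreg.OpenKey(hive, r"Software\Microsoft\Windows\CurrentVersion\Run")
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, i)
                except OSError:
                    break  # no more values
                entries.append((name, str(data)))
                i += 1
    return entries

def lookup_on_disk(path):
    """digest_lookup for live use: None when the target cannot be opened."""
    try:
        return digest_file(path)
    except OSError:
        return None

if __name__ == "__main__":
    if sys.platform == "win32":
        entries, lookup = read_run_keys(), lookup_on_disk
    else:  # offline demo: pretend the staged binary carries the report's SHA256
        benign = digest_bytes(b"constructed benign content")
        entries = SAMPLE_ENTRIES
        lookup = lambda p: dict(benign, sha256=IOC_HASHES["sha256"]) if "svc.exe" in p else benign
    for name, exe, reasons in triage_run_entries(entries, lookup):
        print(name, exe, "; ".join(reasons))
```

On a live Windows host also check the Wow6432Node Run key and the per-user RunOnce keys, which read_run_keys() does not enumerate; a hash match on any one algorithm is enough to act on, and a missing target is itself worth noting because the dropped EXE may already have been removed.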