General
-
Target
88be0d3f31d57124a331e08e91c99f9528dc26a98fe730523e4f8ad74525f48f
-
Size
560KB
-
Sample
241109-fscq1sybnb
-
MD5
ec454fadbe376114b0a53509ee0d951f
-
SHA1
f92d3a69d1070700fa40eb06d8e5e860ee88d8cc
-
SHA256
88be0d3f31d57124a331e08e91c99f9528dc26a98fe730523e4f8ad74525f48f
-
SHA512
a0a01b84598b269f8ba8a83547603d5941cbfb8432f59d47e899adf59bd09d8cd76cd5ba5fa7ab4a37d54e4fa52752378175297534ca48f75386fb743249a4ae
-
SSDEEP
12288:Zy90KNNCDVvW/pap+RzDDtcn5edyLEskO:ZyDr6VO/pap/xbkO
Static task
static1
Behavioral task
behavioral1
Sample
88be0d3f31d57124a331e08e91c99f9528dc26a98fe730523e4f8ad74525f48f.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
88be0d3f31d57124a331e08e91c99f9528dc26a98fe730523e4f8ad74525f48f
-
Size
560KB
-
MD5
ec454fadbe376114b0a53509ee0d951f
-
SHA1
f92d3a69d1070700fa40eb06d8e5e860ee88d8cc
-
SHA256
88be0d3f31d57124a331e08e91c99f9528dc26a98fe730523e4f8ad74525f48f
-
SHA512
a0a01b84598b269f8ba8a83547603d5941cbfb8432f59d47e899adf59bd09d8cd76cd5ba5fa7ab4a37d54e4fa52752378175297534ca48f75386fb743249a4ae
-
SSDEEP
12288:Zy90KNNCDVvW/pap+RzDDtcn5edyLEskO:ZyDr6VO/pap/xbkO
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1