General
- Target: 9fde087367c2d8d1e42603bf60066eb7a7989f85f9a109bd3503bb81b1d2b0ee
- Size: 642KB
- Sample: 241109-ftg25aybph
- MD5: 71c5c17e2b3996d9665bb891394dc61e
- SHA1: 5c98136407fbde573108290f8dea533f48f012fe
- SHA256: 9fde087367c2d8d1e42603bf60066eb7a7989f85f9a109bd3503bb81b1d2b0ee
- SHA512: 84210685237d4e75a3f954ae69c022e20d9f5dac4207031781a6eb60b26e25e033ab3072d2d772dba1f184afc825489ab2b35526cd142727825afd86ae8850ec
- SSDEEP: 12288:3y90hssoBqe2VblPMYlktR1ATNn+k6wvioLEzyOKRYzigAq:3yk2kHbBlG1Ap4oLsygLAq
Static task: static1
Behavioral task: behavioral1
- Sample: 9fde087367c2d8d1e42603bf60066eb7a7989f85f9a109bd3503bb81b1d2b0ee.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)