General
Target: d70d95d8d7c093420360473acd66734804bac2cb293c6cd44bfbf28b566d8741
Size: 1.1MB
Sample: 241109-fwkwssyclp
MD5: 9b0231c2ac7793c8b0631d9f61df9c38
SHA1: fa153373de7c5e4db632e15e52c803d0f0b816de
SHA256: d70d95d8d7c093420360473acd66734804bac2cb293c6cd44bfbf28b566d8741
SHA512: 038e2a982722edb1bd0d8d33e7a107d9058eacd8f059350dbe150de1c41f85dd3037a668bdae009e61b0dc0304a209e5675754d814cbc13bebe05026eb8c5885
SSDEEP: 24576:5yvAQp/xkvGN7bYH0fAZ0ph4rFyfBi/vvjWjzFZNQZirjQ:svZ/Y+w056yCvvjWjzFYZ
Static task: static1
Behavioral task: behavioral1
Sample: d70d95d8d7c093420360473acd66734804bac2cb293c6cd44bfbf28b566d8741.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: d70d95d8d7c093420360473acd66734804bac2cb293c6cd44bfbf28b566d8741
Size: 1.1MB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
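A small triage helper that turns the report above into something actionable: it checks a candidate file against the exact hashes listed in the General section, and it hunts Windows event records for the two persistence techniques the ATT&CK table maps (a Run-key value set, and a service installation), flagging entries whose command points into a user-writable directory, which is the pattern "Executes dropped EXE" plus "Adds Run key to start application" produces. This is added example code, not Tria.ge's code and not the sample's behaviour; the event records are constructed for illustration, and while the field names follow the Sysmon Event ID 13 (registry value set) and System log Event ID 7045 (service installed) schemas, the paths, key names, service name and user SID are assumptions. The SSDEEP string is not compared here because that needs a non-standard library.

```python
"""Triage helper (added example, not from the report): IOC hash check plus a
hunt for T1547.001 (Run key) and T1543.003 (Windows service) persistence."""
import hashlib
import re

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "9b0231c2ac7793c8b0631d9f61df9c38",
    "sha1": "fa153373de7c5e4db632e15e52c803d0f0b816de",
    "sha256": "d70d95d8d7c093420360473acd66734804bac2cb293c6cd44bfbf28b566d8741",
    "sha512": "038e2a982722edb1bd0d8d33e7a107d9058eacd8f059350dbe150de1c41f85dd"
              "3037a668bdae009e61b0dc0304a209e5675754d814cbc13bebe05026eb8c5885",
}


def hash_matches(data: bytes) -> dict:
    """Return {algo: bool} for each report hash against `data`.
    Any True is a confirmed match with the sandboxed sample; all False means a
    different file (possibly a rebuilt variant; compare SSDEEP for near matches)."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in REPORT_HASHES.items()}


# Run / RunOnce under HKLM or any HKU hive; the last path component is the
# value name that Sysmon appends to TargetObject for a value-set event.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# Directories a dropper can write without elevation (assumed heuristic list).
USER_WRITABLE_RE = re.compile(
    r"(\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\)", re.IGNORECASE)


def hunt(events: list) -> list:
    """Scan event records and return findings tagged with the ATT&CK sub-technique."""
    findings = []
    for ev in events:
        if ev.get("EventID") == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            cmd = ev.get("Details", "")
            findings.append({"technique": "T1547.001", "key": ev["TargetObject"],
                             "command": cmd, "writer": ev.get("Image", ""),
                             "user_writable": bool(USER_WRITABLE_RE.search(cmd))})
        elif ev.get("EventID") == 7045:
            cmd = ev.get("ImagePath", "")
            findings.append({"technique": "T1543.003", "service": ev.get("ServiceName", ""),
                             "command": cmd,
                             "user_writable": bool(USER_WRITABLE_RE.search(cmd))})
    return findings


# Constructed sample events (hypothetical; not taken from the sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 7045, "ServiceName": "WinHealthSvc",
     "ImagePath": r"C:\ProgramData\WinHealth\svc.exe"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f['technique']} {'SUSPICIOUS' if f['user_writable'] else 'review'}: {f['command']}")
    print(hash_matches(b"not the sample"))
```

Run it against real Sysmon and System log exports by converting each record to a dict with the same field names; the Run-key regex intentionally ignores the hive prefix so it catches both HKLM and per-user (HKU\<SID>) entries, and the user-writable flag is a prioritisation hint, not a verdict.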