General
-
Target
d99e8661fac9702174730cf3b9041a991f438679c9a401333645cee7793f0795
-
Size
558KB
-
Sample
241109-gnh8nsyhkl
-
MD5
131f3f5892bf506879c0cd9e3bc2803e
-
SHA1
f919d0f90554f3b866a2b823c719fe95ec1748fa
-
SHA256
d99e8661fac9702174730cf3b9041a991f438679c9a401333645cee7793f0795
-
SHA512
0e86a591670fb2a68a71395ba492543bdc531642b43a16ea5c173f45a143aa3a915c4930c636548d478a14bc8252c9c590b078574cc113a6399c7f17185ba5ab
-
SSDEEP
12288:Ty90bapx7dwW5RetNMYpAyQ2DDuaixqBdpw06tbiu4MuU:TyW8CWbePvIkXC0W54MB
Static task
static1
Behavioral task
behavioral1
Sample
d99e8661fac9702174730cf3b9041a991f438679c9a401333645cee7793f0795.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
d99e8661fac9702174730cf3b9041a991f438679c9a401333645cee7793f0795
-
Size
558KB
-
MD5
131f3f5892bf506879c0cd9e3bc2803e
-
SHA1
f919d0f90554f3b866a2b823c719fe95ec1748fa
-
SHA256
d99e8661fac9702174730cf3b9041a991f438679c9a401333645cee7793f0795
-
SHA512
0e86a591670fb2a68a71395ba492543bdc531642b43a16ea5c173f45a143aa3a915c4930c636548d478a14bc8252c9c590b078574cc113a6399c7f17185ba5ab
-
SSDEEP
12288:Ty90bapx7dwW5RetNMYpAyQ2DDuaixqBdpw06tbiu4MuU:TyW8CWbePvIkXC0W54MB
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1