General
-
Target
b584a859bd67ce94a32fd902f9f4a107a6c2259895ee1d5efdf1b6255704f387
-
Size
1.5MB
-
Sample
241109-gnyclaykbw
-
MD5
d4dc8dae19a11faa9da2c28f08e0a80d
-
SHA1
59983b7e9321902c980f0e9c797708a1d29bf2ff
-
SHA256
b584a859bd67ce94a32fd902f9f4a107a6c2259895ee1d5efdf1b6255704f387
-
SHA512
298b8c6608f513f7427a5ddf43b5e5aaa62368143d4dcd6499cf6e0199b6ae1564bb92097f635dcb662ecf61f0411aa5b7648a21ab3971bccd5d6cada821dcf5
-
SSDEEP
24576:LyfeYQYfdpNGgt5RoLtKxcpUOcnSUA7Wj0+YwFGte8sz8D7vz:+G0bhq4uw7Ffnz8D7v
Static task
static1
Behavioral task
behavioral1
Sample
b584a859bd67ce94a32fd902f9f4a107a6c2259895ee1d5efdf1b6255704f387.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
RedLine family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
  Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
  Windows Service (T1543.003): 1
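The behavioral signatures above (Executes dropped EXE, Adds Run key to start application) together with the Registry Run Keys / Startup Folder mapping describe a dropped binary registering itself under a Run key so it survives logon. The following is an added example, not part of this report and not the sandbox's own detection logic: a Python triage check that parses a `reg export` of the Run / RunOnce keys and flags entries whose executable lives in a user-writable directory, or whose value name reuses a machine-wide autorun's name while pointing somewhere else. The sample export, the user name `victim`, the file names and the environment-variable expansions are constructed for the example.

```python
"""Triage check for Run-key persistence in a Windows registry export.

Parses the REG_SZ values under ...\\CurrentVersion\\Run and RunOnce from a .reg file
(as written by `reg export`) and flags entries launching from user-writable
directories, the pattern behind "Adds Run key to start application" followed by
"Executes dropped EXE". Example code added for this page; the sample export,
host/user/file names and env-var expansions below are constructed, not taken
from the analysed sample.
"""
import re
from typing import Dict, List, Optional

# Constructed .reg export (hypothetical host, user and file names).
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Local\\Temp\\svhost.exe"
"SecurityHealth"="%ProgramData%\\Helper\\update.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
'''

RUN_KEY_RE = re.compile(r"\\(Run|RunOnce)$", re.IGNORECASE)
# "name"="value" lines; .reg escapes a backslash as \\ and a quote as \"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Hypothetical expansions so env-var paths can be classified offline (real values
# come from the analysed host).
ENV_EXPANSIONS = {
    "%temp%": r"C:\Users\victim\AppData\Local\Temp",
    "%tmp%": r"C:\Users\victim\AppData\Local\Temp",
    "%appdata%": r"C:\Users\victim\AppData\Roaming",
    "%localappdata%": r"C:\Users\victim\AppData\Local",
    "%userprofile%": r"C:\Users\victim",
    "%programdata%": r"C:\ProgramData",
    "%windir%": r"C:\Windows",
    "%systemroot%": r"C:\Windows",
}

# Directory fragments an unprivileged process can write to (lower-case, backslash-delimited).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                         "\\users\\public\\", "\\downloads\\")


def unescape(value: str) -> str:
    """Undo .reg string escaping (doubled backslashes, backslash-escaped quotes)."""
    return re.sub(r"\\(.)", r"\1", value)


def expand_env(path: str) -> str:
    """Replace %VAR% tokens using the table above; unknown variables are left as-is."""
    return re.sub(r"%[^%]+%",
                  lambda m: ENV_EXPANSIONS.get(m.group(0).lower(), m.group(0)), path)


def executable_path(command: str) -> str:
    """First token of an autorun command: a quoted path, or text up to the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(maxsplit=1)[0] if command else ""


def parse_run_entries(reg_text: str) -> List[Dict[str, str]]:
    """Collect REG_SZ values under Run/RunOnce keys; hex:/dword: values are skipped."""
    entries: List[Dict[str, str]] = []
    current_key: Optional[str] = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if current_key is None or not RUN_KEY_RE.search(current_key):
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        command = unescape(m.group(2))
        entries.append({"key": current_key, "name": unescape(m.group(1)),
                        "command": command, "path": executable_path(command)})
    return entries


def find_suspicious_run_entries(reg_text: str) -> List[Dict[str, str]]:
    """Return autorun entries with at least one triage reason attached."""
    entries = parse_run_entries(reg_text)
    hklm_names = {e["name"].lower(): expand_env(e["path"]).lower()
                  for e in entries if e["key"].upper().startswith("HKEY_LOCAL_MACHINE")}
    flagged = []
    for e in entries:
        resolved = expand_env(e["path"]).lower()
        reasons = [f"executable under user-writable path {m}"
                   for m in USER_WRITABLE_MARKERS if m in resolved]
        # Per-user entry reusing a machine-wide autorun's name but pointing elsewhere
        if (e["key"].upper().startswith("HKEY_CURRENT_USER")
                and hklm_names.get(e["name"].lower()) not in (None, resolved)):
            reasons.append("name collides with an HKLM autorun pointing elsewhere")
        if reasons:
            flagged.append(dict(e, resolved_path=resolved, reasons=reasons))
    return flagged


if __name__ == "__main__":
    for hit in find_suspicious_run_entries(SAMPLE_REG_EXPORT):
        print(f"{hit['key']}\\{hit['name']}: {hit['resolved_path']}")
        for r in hit["reasons"]:
            print("   -", r)
```

Files written by `reg export` are UTF-16LE with a BOM, so read them with `open(path, encoding="utf-16")` before passing the text in. The user-writable-directory heuristic also fires on legitimate per-user software that installs under AppData, so treat hits as leads to pair with the file hashes in the General section, not as verdicts.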