General

Target: 8ac9cafebb47d3586b65ac83680fa222c348a7dde8dfcb239fc74c673d60adf0
Size: 704KB
Sample: 241109-gysvvszanb
MD5: 5e8e2720dd5ee31dc37d4ce989db6a6d
SHA1: 9fe9adf39cf2b8430b66bb4a39931f84dcaeada6
SHA256: 8ac9cafebb47d3586b65ac83680fa222c348a7dde8dfcb239fc74c673d60adf0
SHA512: eccac50d6ccb7a1c6c1a5f73a3d955dc4f325379cb21deac922267614f32ec2292d016663bbb3b22bce6d3378aa8713537ca0e83933e75662b1bb88e89e215dc
SSDEEP: 12288:Py90UYLCTCp4UWokEdJ0nrue2t1vB9RCTkZMI4HKhWS2PwcA+umB+HnMWCbiPK61:PyHsCwWokEdJq+j9aqjdhWS+y+uqMnpN
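As an added example (not part of the sandbox report), the Python below recomputes the four hashlib digests listed above for a local file and compares them with the reported values, and also checks that the report is internally consistent (the target name is the SHA256 and each digest has the expected hex length). SSDEEP is left out because it is a fuzzy hash that the standard library does not provide. The `REPORTED` dictionary holds the values from this page; the function names and the command-line usage are this example's own.

```python
import hashlib
import sys

# Digests reported for the sample on this page; the SHA256 doubles as the target name.
REPORTED = {
    "md5": "5e8e2720dd5ee31dc37d4ce989db6a6d",
    "sha1": "9fe9adf39cf2b8430b66bb4a39931f84dcaeada6",
    "sha256": "8ac9cafebb47d3586b65ac83680fa222c348a7dde8dfcb239fc74c673d60adf0",
    "sha512": "eccac50d6ccb7a1c6c1a5f73a3d955dc4f325379cb21deac922267614f32ec2292d016663bbb3b22bce6d3378aa8713537ca0e83933e75662b1bb88e89e215dc",
}
TARGET_NAME = "8ac9cafebb47d3586b65ac83680fa222c348a7dde8dfcb239fc74c673d60adf0"

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def compute_hashes(data: bytes) -> dict:
    """Return lowercase hex digests for the four algorithms the report lists.

    SSDEEP (a context-triggered piecewise hash) is not in hashlib and would
    need the third-party ssdeep package, so it is deliberately omitted here.
    """
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LENGTHS}


def compare_with_report(data: bytes, reported: dict = REPORTED) -> dict:
    """Compare a candidate file's digests with the reported ones, per algorithm.

    A genuine match is all-True. A partial match (e.g. MD5 only) points to a
    collision or a transcription error and must be treated as a non-match.
    """
    computed = compute_hashes(data)
    return {alg: computed[alg] == reported[alg].lower() for alg in computed}


def is_reported_sample(data: bytes, reported: dict = REPORTED) -> bool:
    """True only when every listed digest matches."""
    return all(compare_with_report(data, reported).values())


def report_is_consistent(reported: dict = REPORTED, target_name: str = TARGET_NAME) -> bool:
    """Sanity check on the report itself: every digest must be well-formed hex of
    the right length, and the target name must equal the SHA256."""
    for alg, length in HEX_LENGTHS.items():
        value = reported[alg].lower()
        if len(value) != length or any(c not in "0123456789abcdef" for c in value):
            return False
    return reported["sha256"].lower() == target_name.lower()


if __name__ == "__main__":
    # Usage (assumed, not from the report): python check_sample.py <file>
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    print("report consistent:", report_is_consistent())
    for alg, ok in compare_with_report(blob).items():
        print(f"{alg:6} {'MATCH' if ok else 'differs'}")
    print("is reported sample:", is_reported_sample(blob))
```

Run it against a quarantined copy of the file; if the SHA256 alone differs while the others match, distrust the report rather than the file.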
Static task: static1
Behavioral task: behavioral1
Sample: 8ac9cafebb47d3586b65ac83680fa222c348a7dde8dfcb239fc74c673d60adf0.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 8ac9cafebb47d3586b65ac83680fa222c348a7dde8dfcb239fc74c673d60adf0
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547), 1 hit: Registry Run Keys / Startup Folder (T1547.001), 1 hit
- Create or Modify System Process (T1543), 1 hit: Windows Service (T1543.003), 1 hit
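The "Adds Run key to start application" signature and the two Persistence techniques above say what the sample does to the registry, but the report does not show the registry paths or any telemetry. As an added example (not from the report), the Python below maps Sysmon Event ID 13 (RegistryEvent, value set) records to those two sub-techniques and flags autostart entries whose command points into a user-writable location, which is where a dropper that "Executes dropped EXE" typically lands. The events are constructed for illustration and are not from this sandbox run; the set of user-writable path fragments and the function names are assumptions.

```python
import re

# Constructed Sysmon Event ID 13 (RegistryEvent: Value Set) records, not data
# from the sandbox run. Field names follow Sysmon's schema; the values are made up.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Local\Temp\8ac9cafe.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\SysHelper\ImagePath",
     "Details": r"C:\ProgramData\SysHelper\svc.exe"},
    {"EventID": 13,
     "Image": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop",
     "Details": r"C:\Users\victim\Desktop"},
]

# Value under HKLM or a user hive's ...\CurrentVersion\Run or RunOnce (T1547.001).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
# ImagePath of a service definition (T1543.003).
SERVICE_IMAGE_RE = re.compile(
    r"\\System\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)
# Locations a non-elevated dropper can write to (assumed list); an autostart
# binary living in one of these deserves a closer look.
USER_WRITABLE_RE = re.compile(
    r"(\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\|\\Downloads\\)", re.IGNORECASE)


def classify(event: dict):
    """Map one registry value-set event to an ATT&CK sub-technique, or None."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    if RUN_KEY_RE.search(target):
        return "T1547.001 Registry Run Keys / Startup Folder"
    if SERVICE_IMAGE_RE.search(target):
        return "T1543.003 Windows Service"
    return None


def flag_persistence(events):
    """Return one finding per autostart-related registry write, noting whether
    the launched command points into a user-writable directory."""
    findings = []
    for ev in events:
        technique = classify(ev)
        if technique is None:
            continue
        findings.append({
            "technique": technique,
            "key": ev["TargetObject"],
            "command": ev["Details"],
            "writer": ev.get("Image", ""),
            "suspicious_path": bool(USER_WRITABLE_RE.search(ev["Details"])),
        })
    return findings


if __name__ == "__main__":
    for f in flag_persistence(SAMPLE_EVENTS):
        marker = "!!" if f["suspicious_path"] else "  "
        print(f"{marker} {f['technique']}\n     key: {f['key']}\n     cmd: {f['command']}")
```

Note that the Run key match is keyed on the value's parent path rather than on the hive prefix, so both HKLM (all users) and HKU\<SID> (the sandbox user) variants are caught, while a write elsewhere under CurrentVersion (the Shell Folders record) is ignored.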