General

- Target: 807542b137786f75312f642ff1f048b64c478e83b97e40d83de47e9b16e1134b
- Size: 704KB
- Sample: 241109-gzb9hazang
- MD5: 4e5c4c7e5ecc20415b9b605d56349598
- SHA1: 5ccea2f35ed29297e46e3272ec3d15c9bd179e47
- SHA256: 807542b137786f75312f642ff1f048b64c478e83b97e40d83de47e9b16e1134b
- SHA512: ca0b7d84d265fe38cf34c66fb98a1d094d834f24dfde392fbd4b8e90d115fee4c435fc30472427aef9661f2ae83285b747ba182e660aebcb0c47d562cd275507
- SSDEEP: 12288:Dy90WMIqFpjWjwCNTP/nOLmt9I1fzCV3Iz/MzE/KOWFWVRYyi7aVDKe:DyzM/Fpj9CNJirM3ILc6WqRYhGH
- Static task: static1
- Behavioral task: behavioral1
- Sample: 807542b137786f75312f642ff1f048b64c478e83b97e40d83de47e9b16e1134b.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)