General
- Target: dedfeb7686711bd72cdfbc1ab670420d38c24ac4d8fdf6aaa2709b949a9f26f0
- Size: 558KB
- Sample: 241109-x55q1a1anm
- MD5: 1e6fe4900b1f08f8a20903f8c6949ae4
- SHA1: 8e5f8a769d4f56ee16b80b38122b5967ed93e87a
- SHA256: dedfeb7686711bd72cdfbc1ab670420d38c24ac4d8fdf6aaa2709b949a9f26f0
- SHA512: 6b39c2f5347f84ad9af60b5f45cddf3db5b48d81a5f5a86c995d77a22cc5547e12ad715cd1063e80979dcf0ef54850e35c9db3c28a1cac32027ce61114c8f27e
- SSDEEP: 12288:3y90SvK5h87EChL1DBKo45yGcN1fBj8OKpcEGjZVZ:3yrvKTsGo45W1pQOKprGl

Static task: static1
Behavioral task: behavioral1
- Sample: dedfeb7686711bd72cdfbc1ab670420d38c24ac4d8fdf6aaa2709b949a9f26f0.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)