General
Target: f7dbe3ce94e9ddf5191c50b46c16a47f5d06f08af2cd5c028904e05de523f89a
Size: 829KB
Sample: 241109-xnjr7szfje
MD5: d7c5bca97fdf88ecaba713b339f9a276
SHA1: 0374c95d6e77bad470892729ee943c42320b7a82
SHA256: f7dbe3ce94e9ddf5191c50b46c16a47f5d06f08af2cd5c028904e05de523f89a
SHA512: d9a93095cca4bc146f3d3ffa030715fef22a8fe15d2f840ff6e50c377d128694b56baae029ba1540b45c457b5fe9fa217d184cf0a75f4df042c8b1afc4f05da3
SSDEEP: 24576:TyNDNK6e2EJHPngaR/gRZ0j4b+xzmdRo:m9sYEdPgaR00j4axzmL
Static task: static1
Behavioral task: behavioral1
Sample: f7dbe3ce94e9ddf5191c50b46c16a47f5d06f08af2cd5c028904e05de523f89a.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: f7dbe3ce94e9ddf5191c50b46c16a47f5d06f08af2cd5c028904e05de523f89a (829KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
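Triage logic for the behaviours the signatures and ATT&CK rows above describe (a dropped EXE being executed, a Run-key value pointing at a user-writable path, a new Windows service), as an added example that is not part of this report or of any sandbox's own rules. The events are constructed Sysmon-style records (ID 11 FileCreate, ID 1 ProcessCreate, ID 13 RegistryValueSet) plus a System-log 7045 service-install record; all PIDs, paths and the service name are hypothetical, and treating the Windows and Program Files directories as trusted autostart locations is a heuristic assumption of this example, not something the report states.

```python
import ntpath
from collections import Counter

# Registry parent keys (lower-cased) that make a RegistryValueSet event an
# autostart write: Registry Run Keys / Startup Folder, T1547.001.
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")

# Heuristic assumption for this example: autostart entries that point into
# these directories are treated as benign; user-writable paths are not.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed Sysmon-style events (not taken from the report); the PIDs,
# paths and service name are hypothetical.
SAMPLE_EVENTS = [
    {"id": 11, "pid": 4012, "image": r"C:\Users\user\Desktop\sample.exe",
     "target": r"C:\Users\user\AppData\Local\Temp\1A2B\dropped.exe"},
    {"id": 1, "pid": 4860, "ppid": 4012,
     "image": r"C:\Users\user\AppData\Local\Temp\1A2B\dropped.exe"},
    {"id": 13, "pid": 4860, "image": r"C:\Users\user\AppData\Local\Temp\1A2B\dropped.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r'"C:\Users\user\AppData\Roaming\Updater\updater.exe" /silent'},
    {"id": 13, "pid": 1100, "image": r"C:\Program Files\Vendor\setup.exe",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "details": r"C:\Program Files\Vendor\tray.exe"},
    {"id": 7045, "service": "WinDefHelper", "image": r"C:\ProgramData\svc\helper.exe"},
]


def _norm(path):
    """Case-fold a file or registry path and drop surrounding quotes."""
    return path.strip().strip('"').lower()


def command_image(details):
    """Extract the executable from a Run-value command line.

    Accepts a quoted path ("C:\\a b\\x.exe" /flag) and an unquoted path
    that may itself contain spaces (C:\\a b\\x.exe /flag)."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    end = details.lower().find(".exe")
    return details[:end + 4] if end >= 0 else details.split()[0]


def is_trusted_location(path):
    return _norm(path).startswith(TRUSTED_DIRS)


def analyze(events):
    """Single pass over the event stream; returns (technique, summary) findings."""
    findings = []
    dropped = {}  # normalised path of a written .exe -> pid that wrote it
    for ev in events:
        if ev["id"] == 11 and _norm(ev["target"]).endswith(".exe"):
            dropped[_norm(ev["target"])] = ev["pid"]
        elif ev["id"] == 1:
            key = _norm(ev["image"])
            if key in dropped:  # a file we saw written is now a running process
                findings.append(("Executes dropped EXE",
                                 f"pid {dropped[key]} wrote {ev['image']}, pid {ev['pid']} runs it"))
        elif ev["id"] == 13 and ntpath.dirname(_norm(ev["target"])).endswith(RUN_KEYS):
            exe = command_image(ev["details"])
            if not is_trusted_location(exe):  # Run keys are also written legitimately
                findings.append(("T1547.001",
                                 f"Run value {ntpath.basename(ev['target'])} -> {exe}"))
        elif ev["id"] == 7045:  # System log: a service was installed, T1543.003
            findings.append(("T1543.003", f"service {ev['service']} -> {ev['image']}"))
    return findings


def attack_summary(findings):
    """Count findings per technique, the shape of the report's ATT&CK table."""
    return dict(Counter(technique for technique, _ in findings))


if __name__ == "__main__":
    results = analyze(SAMPLE_EVENTS)
    for technique, summary in results:
        print(f"{technique:22} {summary}")
    print(attack_summary(results))
```

The location heuristic alone would miss an autostart entry written into Program Files by an elevated dropper, which is why the dropped-file tracking is kept in the same pass: a Run value or service whose image was itself created by an untrusted process earlier in the stream is the stronger signal, and both checks can be joined on the `dropped` map when extending this.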