General

Target: 4369386182048fb98ed51ea067bfc25c7dc8dd0d5021f442e25ce4bfe00d3b4c
Size: 920KB
Sample: 241109-xsbbmazjbw
MD5: 6561b1e3508cd78bb7666a9c2a6f8de8
SHA1: eb34661d16a50273f38f2d549d64a6a0a30f9f2f
SHA256: 4369386182048fb98ed51ea067bfc25c7dc8dd0d5021f442e25ce4bfe00d3b4c
SHA512: d50b6355f5cf910ddafc238e1d765e0078611075c5e7866b44ca82f23abd57d5ba3138eb4e5bb0c9b0391576b60da16202ad7a73c417f731e7d81298d4728416
SSDEEP: 24576:TyaC0yfJ5pBXgChpR2cXIWKM44112em9c7NT7oo:ma3439PD2cJjG9c7NT
Static task: static1
Behavioral task: behavioral1
Sample: 4369386182048fb98ed51ea067bfc25c7dc8dd0d5021f442e25ce4bfe00d3b4c.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 4369386182048fb98ed51ea067bfc25c7dc8dd0d5021f442e25ce4bfe00d3b4c
Size: 920KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP for this target are identical to the values given in the General section above.)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
-
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
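As an added example, not part of this sandbox report and not the sandbox's own signature code: a small Python checker that replays constructed sandbox-style events (file writes, process creations, registry writes) and raises the same findings the report lists above, with the ATT&CK mapping from the Persistence section. The event line format, the file paths, the Run value name and service name are all made up for illustration. The Windows Defender policy check stands in for the "antivirus disabler" behaviour the Healer signature describes; it is an assumption (mapped to T1562.001) and goes beyond what this report itself lists.

```python
"""Replay constructed sandbox events and map them to the signatures and
ATT&CK techniques in the report above. Added example; event format and
all paths/names are hypothetical."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Autostart registry locations: Registry Run Keys / Startup Folder (T1547.001).
RUN_KEY_RE = re.compile(
    r"^(?:HKCU|HKLM|HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\"
    r"Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)
# Service image registration: Create or Modify System Process, Windows Service (T1543.003).
SERVICE_KEY_RE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\"
    r"Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)
# Defender policy keys an antivirus disabler may flip (assumed behaviour, T1562.001);
# the report above does not list this technique, it is included for illustration.
DEFENDER_POLICY_RE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\",
    re.IGNORECASE,
)
KV_RE = re.compile(r'(\w+)="([^"]*)"')  # constructed key="value" event format


@dataclass
class Finding:
    signature: str            # sandbox-style signature name
    technique: Optional[str]  # ATT&CK ID, or None where the report gives no mapping
    evidence: str


def parse_event(line: str) -> dict:
    """Parse one constructed key="value" event line into a dict."""
    return dict(KV_RE.findall(line))


def analyze(lines: List[str]) -> List[Finding]:
    """Walk the event stream in order; an executable counts as 'dropped' only if
    the sample wrote it before something executed it."""
    dropped = set()  # lower-cased paths of .exe files the sample wrote
    findings: List[Finding] = []
    for line in lines:
        ev = parse_event(line)
        kind = ev.get("type")
        if kind == "file_write":
            path = ev.get("path", "")
            if path.lower().endswith(".exe"):
                dropped.add(path.lower())
        elif kind == "process_create":
            image = ev.get("image", "")
            if image.lower() in dropped:
                findings.append(Finding("Executes dropped EXE", None, image))
        elif kind == "regset":
            key, data = ev.get("key", ""), ev.get("data", "")
            if RUN_KEY_RE.match(key):
                findings.append(Finding("Adds Run key to start application",
                                        "T1547.001", f"{key} = {data}"))
            elif SERVICE_KEY_RE.match(key):
                findings.append(Finding("Creates or modifies a Windows service",
                                        "T1543.003", f"{key} = {data}"))
            elif DEFENDER_POLICY_RE.match(key) and data == "1":
                findings.append(Finding("Modifies Windows Defender policy (antivirus disabler)",
                                        "T1562.001", f"{key} = {data}"))
    return findings


def attack_summary(findings: List[Finding]) -> Counter:
    """Per-technique counts, the shape of the report's ATT&CK section."""
    return Counter(f.technique for f in findings if f.technique)


# Constructed events (hypothetical paths and names), not from the sandbox run.
SAMPLE_EVENTS = [
    r'type="file_write" path="C:\Users\victim\AppData\Local\Temp\healer.exe"',
    r'type="process_create" image="C:\Users\victim\AppData\Local\Temp\healer.exe" parent="C:\Users\victim\Desktop\sample.exe"',
    r'type="regset" key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater" data="C:\Users\victim\AppData\Local\Temp\healer.exe"',
    r'type="regset" key="HKLM\SYSTEM\CurrentControlSet\Services\UpdSvc\ImagePath" data="C:\Users\victim\AppData\Local\Temp\healer.exe"',
    r'type="regset" key="HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware" data="1"',
    r'type="process_create" image="C:\Windows\System32\notepad.exe" parent="C:\Windows\explorer.exe"',
    r'type="regset" key="HKCU\Software\Vendor\App\LastRun" data="1"',
]

if __name__ == "__main__":
    found = analyze(SAMPLE_EVENTS)
    for f in found:
        print(f"{f.technique or '-':10} {f.signature}: {f.evidence}")
    print(dict(attack_summary(found)))
```

The ordering requirement in `analyze` (write before execute) is what separates "Executes dropped EXE" from an ordinary child process; a process_create for a path the sample never wrote, such as the notepad.exe event, produces no finding. Run-key writes are matched under both HKCU and HKLM and under Wow6432Node, so a 32-bit dropper on 64-bit Windows is still caught.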