General
Target: a1364913cd1c0e0bd5e1bf0f14056b558cb3d98d1d4d585315d85b695ad99b9b
Size: 1.1MB
Sample: 241109-xsj9jazfqd
MD5: f06fed13d630223e163547ec07f40194
SHA1: 3744f0c0992933a218e64c32d2687eb71fdf98f4
SHA256: a1364913cd1c0e0bd5e1bf0f14056b558cb3d98d1d4d585315d85b695ad99b9b
SHA512: b3f1f78b5da80e0079dc60e0d63a20c2e7ca0c84845170164b85e55bd178ca80220ca258a7176cd09f7c88aa10c0220932dede523c4073df3d33fe4934ba5eb7
SSDEEP: 24576:xyOHCcOeMzJN4htDmka6wp8TGbdXkA+AUnF+bOCr0jYrdB:k2CcOeM34zpa6wGQ+A+MX0
Static task: static1
Behavioral task: behavioral1
Sample: a1364913cd1c0e0bd5e1bf0f14056b558cb3d98d1d4d585315d85b695ad99b9b.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)