General
-
Target
13aa570f5d1366749bf5a022f18859f2df0c96b2667fd226a6b2b00590b257a8
-
Size
936KB
-
Sample
241109-xsyrxssrbq
-
MD5
504fd4e19d3be280efd33a090673d969
-
SHA1
1cbc6bb9884a9fe1fdaca7952b0cc4b73a97662d
-
SHA256
13aa570f5d1366749bf5a022f18859f2df0c96b2667fd226a6b2b00590b257a8
-
SHA512
64fd1d89fcefad76b5fe126560b08a9f572a9a9ea026656fd023877f41d2b108f36433aee4899e4caeee0603fd9426548144523c20f904eafeef5d7a4b7e4ee3
-
SSDEEP
24576:jyJ4iiF2LAY/zS9cs2jVlBiPGL/cyI6C4pnbz8:2J5BLUcs2liPG7c7Ib
Static task
static1
Behavioral task
behavioral1
Sample
13aa570f5d1366749bf5a022f18859f2df0c96b2667fd226a6b2b00590b257a8.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)