General
Target: ca44db0fc91f6ab22dc1490bce6749a42f124c089a08fe387a9d56b806840c7f
Size: 694KB
Sample: 241109-xt7q8azgmr
MD5: eee6a1273685411ab5ece61c3384d003
SHA1: efc9c732ab2f0dd4b742d907b9f4f12614e31849
SHA256: ca44db0fc91f6ab22dc1490bce6749a42f124c089a08fe387a9d56b806840c7f
SHA512: 823e3bbf2c31aa8321483935fba24804f8868e64caa232340eef3f329b58ff7df0c3bc60c0f194123183288bb9af037e881575d09295d81d29b33b4d3ed279db
SSDEEP: 12288:ly90FkQXDkwbfcLIdBS7FTzOA7+/jPW16F+18beKMA+KeaxUh:lywk3wboF+A7p6F+18berVSUh
Static task: static1
Behavioral task: behavioral1
Sample: ca44db0fc91f6ab22dc1490bce6749a42f124c089a08fe387a9d56b806840c7f.exe
Resource: win10v2004-20241007-en

Malware Config
Targets
Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
RedLine family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1): Windows Service (1)