General
- Target: 9519f73f178886ea4cd9ca6f6f338d40119b33150bf1aa02a9f1eb4b61468033
- Size: 828KB
- Sample: 241109-xtm2tazjdv
- MD5: 491e7db6deb797778465fce1e0c6d883
- SHA1: 7b8ab1aa82b9d05013bf5637d4c2fec7babcacbb
- SHA256: 9519f73f178886ea4cd9ca6f6f338d40119b33150bf1aa02a9f1eb4b61468033
- SHA512: c82b046bd2b25c862ca9f5f61722646d7871bb43bb7a7ef4946048eea1a5d00c76a6de08f69c673575582903e2b4437ee999516847346185c3dee384421ba844
- SSDEEP: 12288:Yy90iw1Ebo64W+iBZgeAfFyUunmAw8KYdfcAY8d0vIFLKSkKwT4SbBTWmwKy:Yy+jH2ZD0cUX8Ffcgd09T4SNTLwR
Static task
- static1
Behavioral task
- behavioral1
- Sample: 9519f73f178886ea4cd9ca6f6f338d40119b33150bf1aa02a9f1eb4b61468033.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 9519f73f178886ea4cd9ca6f6f338d40119b33150bf1aa02a9f1eb4b61468033 (828KB; hashes as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)