General
Target: fbab654b8eea5149d6a1421d7f3f0a602cd42ad7dbd8057563a88b9c3366e836
Size: 1.2MB
Sample: 241109-xtwnyszjdx
MD5: 78cac4584c9f6aef5520caccdc4f6c81
SHA1: 56246575edaf00555e5d3033573fd79001a31457
SHA256: fbab654b8eea5149d6a1421d7f3f0a602cd42ad7dbd8057563a88b9c3366e836
SHA512: 678e6173307e9e345bbc8e86361a0061125f82ad8b106edfd0678e80bd92f3d513690c0007aab3bcd55e83284fb3f3ea20b28b9e1ef1e95993539be11b2bd75e
SSDEEP: 24576:NcfsVIKzRLTr3vkFjAacR3lMERO6s0fYK++YSYuugo4cyC/:Nc+I8X8FjAacEER9NYK+lngo4cyC
Static task: static1
Behavioral task: behavioral1
  Sample: fbab654b8eea5149d6a1421d7f3f0a602cd42ad7dbd8057563a88b9c3366e836.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: fbab654b8eea5149d6a1421d7f3f0a602cd42ad7dbd8057563a88b9c3366e836.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: fbab654b8eea5149d6a1421d7f3f0a602cd42ad7dbd8057563a88b9c3366e836
Size: 1.2MB
MD5: 78cac4584c9f6aef5520caccdc4f6c81
SHA1: 56246575edaf00555e5d3033573fd79001a31457
SHA256: fbab654b8eea5149d6a1421d7f3f0a602cd42ad7dbd8057563a88b9c3366e836
SHA512: 678e6173307e9e345bbc8e86361a0061125f82ad8b106edfd0678e80bd92f3d513690c0007aab3bcd55e83284fb3f3ea20b28b9e1ef1e95993539be11b2bd75e
SSDEEP: 24576:NcfsVIKzRLTr3vkFjAacR3lMERO6s0fYK++YSYuugo4cyC/:Nc+I8X8FjAacEER9NYK+lngo4cyC

Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)