General
- Target: cff5f633643d6139a8b936d01681b4bf2f850586a3c862dc000469f147294d61
- Size: 727KB
- Sample: 241110-a68gyswbnn
- MD5: c9ed0ada7f9607474089c15c94b4d822
- SHA1: 32242608710c882fb8f819fde7f97d629713d622
- SHA256: cff5f633643d6139a8b936d01681b4bf2f850586a3c862dc000469f147294d61
- SHA512: 236d747cbdace6bf8039f783ac27db2e547b6d9f82125401e7e3e1d632a40d08b70228f40bf12f965ea302a70ca45ae2269cd85d91c5c9743106d1228046bcc9
- SSDEEP: 12288:Jy90lIsfM1z2yEU06edw82h1IfRTeiiubAH9mZUtbuPnI6NatD:JylsfAz2b/12h1I1QueLUI6NM
- Static task: static1
- Behavioral task: behavioral1
- Sample: cff5f633643d6139a8b936d01681b4bf2f850586a3c862dc000469f147294d61.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: cff5f633643d6139a8b936d01681b4bf2f850586a3c862dc000469f147294d61 (same sample as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)