General
-
Target
8e5de95d2601fd6bb0a5ce1a4e31b488e3685ccd7aa61d58e9a6e3004cf672cd
-
Size
690KB
-
Sample
241110-a77l2svngt
-
MD5
a354eab424766e36c45f4111d4bb214d
-
SHA1
a74417f29061413713f9822050e67ee321f413f7
-
SHA256
8e5de95d2601fd6bb0a5ce1a4e31b488e3685ccd7aa61d58e9a6e3004cf672cd
-
SHA512
d02f8d6af83492e3fbae01c25b2d4ee0c1d30f2cce1d46b93b521669b9e6f8c76050d12417e12014b601d729b83862ffffe0c3c903c003e23afe510eb1b6278f
-
SSDEEP
12288:Wy90zpi5HNXULubOs2KYxnLnHTB1rmrTkz0MWU2kmREKMqUqoo:WybtNNa91T15Q6h2kkEDo
Static task
static1
Behavioral task
behavioral1
Sample
8e5de95d2601fd6bb0a5ce1a4e31b488e3685ccd7aa61d58e9a6e3004cf672cd.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
8e5de95d2601fd6bb0a5ce1a4e31b488e3685ccd7aa61d58e9a6e3004cf672cd
-
Size
690KB
-
MD5
a354eab424766e36c45f4111d4bb214d
-
SHA1
a74417f29061413713f9822050e67ee321f413f7
-
SHA256
8e5de95d2601fd6bb0a5ce1a4e31b488e3685ccd7aa61d58e9a6e3004cf672cd
-
SHA512
d02f8d6af83492e3fbae01c25b2d4ee0c1d30f2cce1d46b93b521669b9e6f8c76050d12417e12014b601d729b83862ffffe0c3c903c003e23afe510eb1b6278f
-
SSDEEP
12288:Wy90zpi5HNXULubOs2KYxnLnHTB1rmrTkz0MWU2kmREKMqUqoo:WybtNNa91T15Q6h2kkEDo
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1