General
- Target: 8d6e6c0ad9cd204d11338cd9bc6bd446593f65101b9dae797d970b578c0b4cd8
- Size: 552KB
- Sample: 241110-aqn4davkcy
- MD5: cf868858c43e3399005f8e8d4078de10
- SHA1: 3c4c946508001d109c1be96f7211312237ac943b
- SHA256: 8d6e6c0ad9cd204d11338cd9bc6bd446593f65101b9dae797d970b578c0b4cd8
- SHA512: 94adae07fc9fd2e6ec6916e583b9071077d7e6209a290b8fea558a81f4782fcd144547fcc5139a7d15881d78ba68f47ff6a69484c957a626d8d586bf086fe044
- SSDEEP: 12288:Ly90S1uv4Fv+ABW+5IsX7RPiVQZ2GHWLsQqdrnJY8c05aZQdoO:Ly0v++i5X7RPiVQvOsnrnTcCNoO
Static task: static1
Behavioral task: behavioral1
- Sample: 8d6e6c0ad9cd204d11338cd9bc6bd446593f65101b9dae797d970b578c0b4cd8.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 8d6e6c0ad9cd204d11338cd9bc6bd446593f65101b9dae797d970b578c0b4cd8
- Size: 552KB
- MD5: cf868858c43e3399005f8e8d4078de10
- SHA1: 3c4c946508001d109c1be96f7211312237ac943b
- SHA256: 8d6e6c0ad9cd204d11338cd9bc6bd446593f65101b9dae797d970b578c0b4cd8
- SHA512: 94adae07fc9fd2e6ec6916e583b9071077d7e6209a290b8fea558a81f4782fcd144547fcc5139a7d15881d78ba68f47ff6a69484c957a626d8d586bf086fe044
- SSDEEP: 12288:Ly90S1uv4Fv+ABW+5IsX7RPiVQZ2GHWLsQqdrnJY8c05aZQdoO:Ly0v++i5X7RPiVQvOsnrnTcCNoO

Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)