General
Target: a2ab580900c3ab500a259455386d0f8a4d59085be7d85ccbbd5b8a2a1c0965d0
Size: 706KB
Sample: 241110-atpt3sykdl
MD5: 856b96b55ea1ab0674ef924b20e31bdd
SHA1: e95dc4a9dcd749099dae4d98f7a14ed874824985
SHA256: a2ab580900c3ab500a259455386d0f8a4d59085be7d85ccbbd5b8a2a1c0965d0
SHA512: fbc2b375e299deb4326c1bb199c54b68533ed741821f022d81e12d1672a66d83bee31bd4e6e23ba96fb819788f6cbaa1b833d2bb0ed6cb8490ce6b4322f5c400
SSDEEP: 12288:Oy90dhFc+m5shVDhjD0CwrNtjh5w+++Hq/R1XZtRhvYNco0OCwRazYWcp:Oy2hS+m5sR0Cwr3h2+++HYFhNOHRakW0
Static task: static1
Behavioral task: behavioral1
Sample: a2ab580900c3ab500a259455386d0f8a4d59085be7d85ccbbd5b8a2a1c0965d0.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: a2ab580900c3ab500a259455386d0f8a4d59085be7d85ccbbd5b8a2a1c0965d0 (706KB; MD5, SHA1, SHA256, SHA512 and SSDEEP values identical to those listed under General)
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)