General
Target: c2e2af1f7ce3a69f0268ca3c3bfee8f6fd8080c399ea3068f528228c40f4f7bd
Size: 936KB
Sample: 241110-aw5cjsykhl
MD5: 54fc63e44524973477b3ddc1d69514db
SHA1: 214689b2ee7ad072f7bb72438b5ca3bf03cae905
SHA256: c2e2af1f7ce3a69f0268ca3c3bfee8f6fd8080c399ea3068f528228c40f4f7bd
SHA512: 5cb866f29f56b8534599d1b35b94e11c1721a21cd257ffb838c2c46e512ff812afcb557942d4fea6e1aae321547a0efe9bb1227603d6d1534de07e7e4b816360
SSDEEP: 24576:gydAnP4btdgAGr6N74JeJYZ7eYUDUz0Ya4QbywwhM8:ndgAb3BJ4JeJYZyYUD+Nvwwh
Static task: static1
Behavioral task: behavioral1
Sample: c2e2af1f7ce3a69f0268ca3c3bfee8f6fd8080c399ea3068f528228c40f4f7bd.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: c2e2af1f7ce3a69f0268ca3c3bfee8f6fd8080c399ea3068f528228c40f4f7bd
Size: 936KB
MD5: 54fc63e44524973477b3ddc1d69514db
SHA1: 214689b2ee7ad072f7bb72438b5ca3bf03cae905
SHA256: c2e2af1f7ce3a69f0268ca3c3bfee8f6fd8080c399ea3068f528228c40f4f7bd
SHA512: 5cb866f29f56b8534599d1b35b94e11c1721a21cd257ffb838c2c46e512ff812afcb557942d4fea6e1aae321547a0efe9bb1227603d6d1534de07e7e4b816360
SSDEEP: 24576:gydAnP4btdgAGr6N74JeJYZ7eYUDUz0Ya4QbywwhM8:ndgAb3BJ4JeJYZyYUD+Nvwwh
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)