General
Target: f956e2bd7187f8a2882939d999954d2319b8d3134ad038d8fca437582ab0801f
Size: 1.0MB
Sample: 241110-b4hzysxanh
MD5: 73027f8d9a6ff64c87c429cd07c47244
SHA1: 240810cc531ce32fbe64c10bc3dd99ccea7d7cc0
SHA256: f956e2bd7187f8a2882939d999954d2319b8d3134ad038d8fca437582ab0801f
SHA512: bd5e8be9016059524b32ebf364b8c0cda20849da35ba38d53e033b624ed5b28387b6c85a9e59c473600703f421f8e12e6c44e2e70ab967acb8293c325e216eab
SSDEEP: 24576:uygcF+4H/Do1xUjeTl/hYFlYe0p5f6tx1heHZcquSgoVry7S0U5:9bFBH/yTRyF5UxKveHZcquSx+
Static task: static1
Behavioral task: behavioral1
Sample: f956e2bd7187f8a2882939d999954d2319b8d3134ad038d8fca437582ab0801f.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)