General
-
Target
cfa8061d81b20ebde3ff08a95311c6a3ab311f8fd89963dd0f62b733077c83a9
-
Size
611KB
-
Sample
241110-b5wx7sxaqf
-
MD5
057e3f9865bf1eb0151ab3a472b61a48
-
SHA1
59950e90ecd85dcf5aa389c0125cd16f33dc1b4b
-
SHA256
cfa8061d81b20ebde3ff08a95311c6a3ab311f8fd89963dd0f62b733077c83a9
-
SHA512
9389b2f4fc0a5706ed551ea13eaf7c34f8913768e744e0fb6bb1730ee1e11f91a74949cd89756126e5828c118d4a62de724170011049b8eb0bc8feccf5432701
-
SSDEEP
12288:my90epyVocMsESHsrT7wwpMrYwq2CxjweEVdRItIeYu3:myeVVMsES2MSMr5Ixj+YYC
Static task
static1
Behavioral task
behavioral1
Sample
cfa8061d81b20ebde3ff08a95311c6a3ab311f8fd89963dd0f62b733077c83a9.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
cfa8061d81b20ebde3ff08a95311c6a3ab311f8fd89963dd0f62b733077c83a9
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
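The behavioural signatures listed above (Executes dropped EXE, Adds Run key to start application) and the two persistence techniques mapped under ATT&CK are the events a triage script can pull out of endpoint telemetry when checking whether a host saw the same chain as the sandbox. The following Python is an added example, not part of the sandbox report: it replays constructed Sysmon-style JSON-lines events (Event ID 11 file create, Event ID 1 process create, Event ID 13 registry value set), tracks executables written to user-writable directories, and flags a start of such a file, a Run/RunOnce write (T1547.001) and a service ImagePath write (T1543.003), noting when the registry value points back at a dropped file. The file paths, key names and the `healer.exe` / `stage2.exe` names are hypothetical.

```python
"""Added example (not from the sandbox report): replay Sysmon-style events and
flag the behaviours the report lists.  All event lines below are constructed."""
import json
import re
from typing import Dict, List

# Autostart locations: T1547.001 (Run/RunOnce) and T1543.003 (service ImagePath/Start).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
SERVICE_RE = re.compile(r"\\Services\\[^\\]+\\(ImagePath|Start)$", re.IGNORECASE)
# User-writable directories where a dropper typically stages its payload.
DROP_DIR_RE = re.compile(r"\\(AppData|Temp|ProgramData|Public)\\", re.IGNORECASE)

# Constructed JSON-lines events shaped like Sysmon Event ID 11 (FileCreate),
# 1 (ProcessCreate) and 13 (RegistryEvent, value set).  Paths are hypothetical.
SAMPLE_EVENTS = r"""
{"EventID": 11, "Image": "C:\\Users\\user\\Desktop\\sample.exe", "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\healer.exe"}
{"EventID": 11, "Image": "C:\\Users\\user\\Desktop\\sample.exe", "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe"}
{"EventID": 1, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\healer.exe", "ParentImage": "C:\\Users\\user\\Desktop\\sample.exe"}
{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\stage2", "Details": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\services.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\healersvc\\ImagePath", "Details": "C:\\Users\\user\\AppData\\Local\\Temp\\healer.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "1"}
"""


def analyse(events_text: str) -> List[Dict[str, object]]:
    """One pass over JSON-lines telemetry, returning findings in event order.

    Remembers executables written to user-writable directories, then reports
    a process start whose Image is one of them, any Run/RunOnce value set
    (T1547.001) and any service ImagePath/Start value set (T1543.003).  For
    registry writes it also records whether the value names a dropped file.
    """
    dropped: set = set()
    findings: List[Dict[str, object]] = []
    for line in events_text.strip().splitlines():
        ev = json.loads(line)
        eid = ev.get("EventID")
        if eid == 11:
            target = ev.get("TargetFilename", "")
            if target.lower().endswith(".exe") and DROP_DIR_RE.search(target):
                dropped.add(target.lower())
        elif eid == 1:
            image = ev.get("Image", "")
            if image.lower() in dropped:
                findings.append({
                    "signature": "Executes dropped EXE",
                    "technique": None,          # report lists no ATT&CK mapping for this
                    "evidence": image,
                    "points_to_dropped": True,
                })
        elif eid == 13:
            key = ev.get("TargetObject", "")
            value = ev.get("Details", "")
            if RUN_KEY_RE.search(key):
                sig, tech = "Adds Run key to start application", "T1547.001"
            elif SERVICE_RE.search(key):
                sig, tech = "Creates or modifies Windows service", "T1543.003"
            else:
                continue                        # unrelated registry write
            findings.append({
                "signature": sig,
                "technique": tech,
                "evidence": f"{key} = {value}",
                "points_to_dropped": value.lower() in dropped,
            })
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        note = "  (value names a file dropped earlier in this run)" if f["points_to_dropped"] else ""
        print(f"[{f['technique'] or '-'}] {f['signature']}: {f['evidence']}{note}")
```

The drop-then-execute and drop-then-persist links are what separate this chain from a benign installer: a Run value or service ImagePath that points into `%TEMP%` or `AppData` is worth a closer look even on a host with no matching hash.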