General

Target: 427e98eabb9efdac2054455e1dfb186f8e761ebbac81209d7373e3137d06c612
Size: 966KB
Sample: 241110-bmewzayqcl
MD5: 8bcd58216755fe1f11a7715214a7774a
SHA1: 5603c9700a96761cd13d7ad8ad09c854a7fb5f34
SHA256: 427e98eabb9efdac2054455e1dfb186f8e761ebbac81209d7373e3137d06c612
SHA512: d26a5f6dbb533efc6a382ae8a51b0f18a532cd5d2d7dcda40aa4c4e537f2c8d3f16cbb8b61afbe6a17388290c99256d0f34c4288ed0e559dc87ca5bd7ffaabc8
SSDEEP: 24576:EygR5Su+2AAxOG65cL+rrZcnUkMiGJCVlewuc:TWcu+2lxOGSjynAiQCVYj
Static task: static1
Behavioral task: behavioral1
Sample: 427e98eabb9efdac2054455e1dfb186f8e761ebbac81209d7373e3137d06c612.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 427e98eabb9efdac2054455e1dfb186f8e761ebbac81209d7373e3137d06c612
Size: 966KB
MD5: 8bcd58216755fe1f11a7715214a7774a
SHA1: 5603c9700a96761cd13d7ad8ad09c854a7fb5f34
SHA256: 427e98eabb9efdac2054455e1dfb186f8e761ebbac81209d7373e3137d06c612
SHA512: d26a5f6dbb533efc6a382ae8a51b0f18a532cd5d2d7dcda40aa4c4e537f2c8d3f16cbb8b61afbe6a17388290c99256d0f34c4288ed0e559dc87ca5bd7ffaabc8
SSDEEP: 24576:EygR5Su+2AAxOG65cL+rrZcnUkMiGJCVlewuc:TWcu+2lxOGSjynAiQCVYj
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
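The two behavioural signatures above, "Executes dropped EXE" and "Adds Run key to start application", are what an analyst would want to confirm on an endpoint rather than only in the sandbox. The following is an added example, not part of this report or of the sandbox's own signature engine: a small correlation over Sysmon-style events (11 FileCreate, 1 ProcessCreate, 13 RegistryEvent SetValue) that flags a dropped executable being launched and a Run/RunOnce value pointing at it, tagging the latter with T1547.001 as in the MITRE section above. Every path, SID, value name and event record in the block is constructed for illustration; the `Event` dataclass, `is_run_key` and `analyze` are this example's own names.

```python
# Added example, not part of the original sandbox report. Correlates
# Sysmon-style telemetry to reproduce two of the report's signatures:
#   "Executes dropped EXE" and "Adds Run key to start application" (T1547.001).
# Field semantics follow Sysmon event IDs (11 FileCreate, 1 ProcessCreate,
# 13 RegistryEvent SetValue); every path, SID and value below is invented.
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Key path fragments (lower-cased) whose values autostart at logon, under HKLM or HKCU/HKU.
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)


@dataclass(frozen=True)
class Event:
    event_id: int      # Sysmon event ID
    process: str       # image performing the action (for EID 1: the ParentImage)
    target: str        # EID 11: created file; EID 1: spawned Image; EID 13: TargetObject
    details: str = ""  # EID 13: value data written (Sysmon "Details")


def is_run_key(registry_path: str) -> bool:
    """True if the registry path is a value directly under a Run or RunOnce key."""
    p = registry_path.lower()
    return any(marker in p for marker in RUN_KEY_MARKERS)


def analyze(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Return (signature, attack_id, evidence) for each suspicious event, in stream order.

    A path counts as "dropped" once an EID 11 FileCreate for a .exe has been seen;
    a later EID 1 launching it, or an EID 13 Run-key value pointing at it, is what
    the report's two behavioural signatures describe.
    """
    dropped: Dict[str, str] = {}   # lower-cased dropped path -> process that wrote it
    alerts: List[Tuple[str, str, str]] = []
    for ev in events:
        tgt = ev.target.lower()
        if ev.event_id == 11 and tgt.endswith(".exe"):
            dropped[tgt] = ev.process
        elif ev.event_id == 1 and tgt in dropped:
            alerts.append(("Executes dropped EXE", "",
                           f"{ev.process} spawned {ev.target} (dropped by {dropped[tgt]})"))
        elif ev.event_id == 13 and is_run_key(tgt):
            sig = "Adds Run key to start application"
            # Stronger signal when the value data is exactly a dropped executable.
            data = ev.details.strip().strip('"').lower()
            if data in dropped:
                sig += " (value points at a dropped EXE)"
            alerts.append((sig, "T1547.001", f"{ev.target} = {ev.details}"))
    return alerts


# Constructed sample stream: a downloaded sample drops and runs 1.exe, which then
# registers itself under the user's Run key; two benign explorer.exe events follow.
SAMPLE_EVENTS = [
    Event(11, r"C:\Users\victim\Downloads\sample.exe",
          r"C:\Users\victim\AppData\Local\Temp\1.exe"),
    Event(1, r"C:\Users\victim\Downloads\sample.exe",
          r"C:\Users\victim\AppData\Local\Temp\1.exe"),
    Event(13, r"C:\Users\victim\AppData\Local\Temp\1.exe",
          r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
          r'"C:\Users\victim\AppData\Local\Temp\1.exe"'),
    Event(13, r"C:\Windows\explorer.exe",
          r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
          "DWORD (0x00000001)"),
    Event(11, r"C:\Windows\explorer.exe", r"C:\Users\victim\Documents\notes.txt"),
]


if __name__ == "__main__":
    for signature, attack_id, evidence in analyze(SAMPLE_EVENTS):
        print(f"[{attack_id or '-'}] {signature}: {evidence}")
```

The marker strings end in a backslash so that `...\CurrentVersion\RunServices\...` or a key merely named with a `Run` prefix does not match; in a real pipeline the same two checks would sit on top of the EDR's own event schema rather than this constructed `Event` type.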