General
Target: c5668a588887b8b9e5060708d8adc0d8ebff3f962b6d7c52c77b2a9ee128c656
Size: 828KB
Sample: 241110-bmma2svqh1
MD5: 3a89654df0f72a90ce6bd64e473dad4c
SHA1: 5405ff4652590b5b7b0d5d6127c8d0dd0200a638
SHA256: c5668a588887b8b9e5060708d8adc0d8ebff3f962b6d7c52c77b2a9ee128c656
SHA512: b46f0b299893a66523f9e5c1313525916215d19406095c8befe097f2a6e663c46f52be218c2448b9ee4e9ddae35a3b806b5f2f498bc7d1370c209e6efe4f6078
SSDEEP: 12288:Oy90E+VG5V8FfSgbcMjUlCO5ARHEBdZGdY8J070iBmrL1K1ZPZ1KCl1XJfi4jHQh:OyJ+WVIlY280kzZG/J8GO1BlPK40h
Static task: static1
Behavioral task: behavioral1
Sample: c5668a588887b8b9e5060708d8adc0d8ebff3f962b6d7c52c77b2a9ee128c656.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
  - Windows Service: 1