General
- Target: df4711ee8244a839a85066f76c82bf7bb3438acdaf1f6e4bdba6ecb3604431a4
- Size: 806KB
- Sample: 241110-bnlqxawfmf
- MD5: b58ba40696d920ad965f97bbeaf09f7f
- SHA1: e2448b487de718ae90f5c872a602a1e13b0b4ada
- SHA256: df4711ee8244a839a85066f76c82bf7bb3438acdaf1f6e4bdba6ecb3604431a4
- SHA512: 2aa88d43d2b9e28753b5edeb8734f703a834f402271156f19ef556ac1af7d2c584e116679dfea98ea6d7ae6e8acccd92bf02d82ae56fb7a3c36933ec793c8c62
- SSDEEP: 12288:ry90zLPZhmWF5VtFGb/B923EgyAa1fBZ0v4pc6P8QU+adugOlzpFFV:ryELPZNF5Jo/Bk0H1pmv4pZP8Sv
- Static task: static1
- Behavioral task: behavioral1
- Sample: df4711ee8244a839a85066f76c82bf7bb3438acdaf1f6e4bdba6ecb3604431a4.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)