General
Target: b19d01ea086642084884e2927075e98f8341327406c685e457420cb96dceffbe
Size: 1.5MB
Sample: 241110-bpezravrcv
MD5: 9809716a678485184f66c13bc678beec
SHA1: 4ff102ea598e8cc76c5d879366f3967bb77b6f51
SHA256: b19d01ea086642084884e2927075e98f8341327406c685e457420cb96dceffbe
SHA512: 7a2c3ab6c4dc67a67d950cbfdc950600000c374463f9486d19a6173bbabe3f1a2bd0a394e191f1a8f1ebfc6744e8f3171fecb7dec9d1a54dda9b4c58f070c525
SSDEEP: 49152:XSCCUTqqkPvi+b7DdZP1L56dQo4kuKePm:oVFPaQJZPNgdQovA
Static task: static1
Behavioral task: behavioral1
Sample: b19d01ea086642084884e2927075e98f8341327406c685e457420cb96dceffbe.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: b19d01ea086642084884e2927075e98f8341327406c685e457420cb96dceffbe (1.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)