General
-
Target
e179dfadfd9157da384378be5dc3bf01d74a911d61c58a40236fa52b6224cc93
-
Size
704KB
-
Sample
241110-bsmh1ayrcp
-
MD5
a0f2812b3d31e1b5f188d0e9d21d3ab2
-
SHA1
9bbd00ba7e557d8c3c3915f2b4f16276695a4843
-
SHA256
e179dfadfd9157da384378be5dc3bf01d74a911d61c58a40236fa52b6224cc93
-
SHA512
89e51ae6c9f253294bab26accbfb4fa58eb3437ee5d921d7d4dd2a6dd92a89fcd345015ba4a56296c4d9a85a0e0dbbdb0d22dc6a45f828cdd114a35d17a3b37e
-
SSDEEP
12288:hy90miH8tFHcsXxXICFk085EfCymad0ipLFSObixbJqbCWi+LlATBge:hy2H8TjzJTfYKFtbixbJqm+LeBge
Static task
static1
Behavioral task
behavioral1
Sample
e179dfadfd9157da384378be5dc3bf01d74a911d61c58a40236fa52b6224cc93.exe
Resource
win10v2004-20241007-en
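The MD5/SHA-1/SHA-256/SHA-512 values above are the report's identifiers for this sample. The script below is an added example, not part of the sandbox report or its tooling: it computes all four digests of a file in a single pass and tells you which of the listed values match, and it flags a match that rests only on MD5 or SHA-1 (both collision-prone) as needing SHA-256 confirmation. The hash constants are copied from the report; the function names and the test input are this example's own. SSDEEP is left out because it needs a separate library.

```python
"""Hash-based IOC check for the sample listed in the report.

Added example, not part of the analysis report. The IOC values are copied
from the report; function names and the test data are this example's own.
"""
import hashlib
from typing import Dict, Iterable, Set

# IOC values copied from the report above.
REPORT_IOCS: Dict[str, str] = {
    "md5": "a0f2812b3d31e1b5f188d0e9d21d3ab2",
    "sha1": "9bbd00ba7e557d8c3c3915f2b4f16276695a4843",
    "sha256": "e179dfadfd9157da384378be5dc3bf01d74a911d61c58a40236fa52b6224cc93",
    "sha512": "89e51ae6c9f253294bab26accbfb4fa58eb3437ee5d921d7d4dd2a6dd92a89fc"
              "d345015ba4a56296c4d9a85a0e0dbbdb0d22dc6a45f828cdd114a35d17a3b37e",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(chunks: Iterable[bytes], algorithms=ALGORITHMS) -> Dict[str, str]:
    """Compute several digests in one pass so a large file is read only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file from disk in chunk_size pieces through digest_stream."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return digest_stream(chunks())


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str]) -> Set[str]:
    """Return the algorithms whose digest equals the IOC value (case-insensitive)."""
    hits = set()
    for name, wanted in iocs.items():
        got = digests.get(name)
        if got is not None and got.lower() == wanted.strip().lower():
            hits.add(name)
    return hits


def verdict(hits: Set[str]) -> str:
    """A match on MD5/SHA-1 alone is not conclusive; require a SHA-2 digest."""
    if "sha256" in hits or "sha512" in hits:
        return "match"
    if hits:
        return "weak-hash-only match (MD5/SHA-1 are collision-prone; confirm with SHA-256)"
    return "no match"


def check_bytes(data: bytes, iocs: Dict[str, str] = REPORT_IOCS) -> Set[str]:
    """Convenience wrapper for in-memory data (used by the tests)."""
    return match_iocs(digest_stream([data]), iocs)


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        hits = match_iocs(digest_file(arg), REPORT_IOCS)
        print(f"{arg}: {verdict(hits)} {sorted(hits)}")
```

Run it as `python ioc_check.py <file>`; a file that only matches on `md5` should be treated as a lead to confirm with SHA-256, not as a confirmed sample.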
Targets
-
Target
e179dfadfd9157da384378be5dc3bf01d74a911d61c58a40236fa52b6224cc93
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
-
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
-
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
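The "Adds Run key to start application" signature and the Registry Run Keys / Startup Folder row above describe the same persistence mechanism. The script below is an added example, not part of the report or of the sandbox's tooling: it parses a registry dump in the text format written by `reg export` and flags Run/RunOnce values whose command points into a user-writable directory, goes through a script or proxy host, or carries an encoded PowerShell argument. The export embedded in it is constructed for this example; none of its value names or paths come from the analysed sample.

```python
"""Triage of Run-key autostart entries (ATT&CK T1547.001).

Added example, not part of the analysis report. Parses `reg export` text and
flags dropper-style Run/RunOnce values. The embedded export is CONSTRUCTED;
its names and paths are not from the analysed sample.
"""
import re
from dataclasses import dataclass, field
from typing import List

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
# Directories an unprivileged user can write to; dropped payloads usually land here.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE)
# Hosts commonly used to launch a payload indirectly from an autostart value.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "cmd.exe"}


@dataclass
class Finding:
    key: str
    name: str
    command: str
    reasons: List[str] = field(default_factory=list)


def unescape_reg_string(raw: str) -> str:
    """Undo .reg escaping of a quoted REG_SZ value (\\\\ -> \\, \\" -> ")."""
    if len(raw) < 2 or raw[0] != '"' or raw[-1] != '"':
        return raw  # hex:/dword: values are returned untouched
    out, i, body = [], 0, raw[1:-1]
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            out.append(body[i + 1])
            i += 2
        else:
            out.append(body[i])
            i += 1
    return "".join(out)


def executable_of(command: str) -> str:
    """First token of a command line, honouring a quoted path with spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def assess(command: str) -> List[str]:
    """Return the reasons a Run value looks suspicious (empty list = nothing found)."""
    reasons = []
    exe = executable_of(command)
    basename = exe.rsplit("\\", 1)[-1].lower()
    if USER_WRITABLE_RE.search(exe):
        reasons.append("executable lives in a user-writable directory")
    if basename in SCRIPT_HOSTS:
        reasons.append(f"launched via script/proxy host {basename}")
    if re.search(r"(?i)\s-(e|enc|encodedcommand)\s", f" {command} "):
        reasons.append("encoded PowerShell argument")
    return reasons


def triage_reg_export(text: str) -> List[Finding]:
    """Walk a .reg dump and assess every value under a Run/RunOnce key."""
    findings, current_key, in_run_key = [], "", False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            in_run_key = bool(RUN_KEY_RE.search(line))
            continue
        if not in_run_key:
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, command = m.group(1), unescape_reg_string(m.group(2))
        reasons = assess(command)
        if reasons:
            findings.append(Finding(current_key, name, command, reasons))
    return findings


# Constructed export: one vendor-style entry and two dropper-style entries.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="\"C:\\Program Files\\Windows Defender\\MSASCuiL.exe\""
"svc_update"="\"C:\\Users\\user\\AppData\\Roaming\\svc_update\\svc_update.exe\""
"Loader"="powershell.exe -w hidden -enc SQBFAFgA"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
'''

if __name__ == "__main__":
    for f in triage_reg_export(SAMPLE_EXPORT):
        print(f"{f.key}\\{f.name}: {f.command}\n  -> {'; '.join(f.reasons)}")
```

Treat the output as triage, not a verdict: legitimate per-user software also installs under AppData, so a hit on the directory heuristic alone should be followed by hashing the referenced file and checking its signature rather than deleting the value outright.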