General
Target: da0f4b326af173c8e18b81fd44d60781e4cdbaa5534ee796949f2271be08ab3b
Size: 690KB
Sample: 241110-bz3hsszjhj
MD5: 0cc581cf14c4ca70d35c901df43b682f
SHA1: d0537f1552e509b59b212a7e77c577187c147942
SHA256: da0f4b326af173c8e18b81fd44d60781e4cdbaa5534ee796949f2271be08ab3b
SHA512: e2392ce4099ddc79b9a5069b3817e679740b638d3ea25f7977a498e683248e5a2d115d2f3de5ca3b0cdf3dae78189e8bd162040ebb0ff47cb61b1feac033ed48
SSDEEP: 12288:Iy90C5Q3ygkjuY9sStK91gp20p6DWx0+5E2FmBiOsh:IyU3tY/wJ66DCu2FYkh
Static task: static1
Behavioral task: behavioral1
Sample: da0f4b326af173c8e18b81fd44d60781e4cdbaa5534ee796949f2271be08ab3b.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: da0f4b326af173c8e18b81fd44d60781e4cdbaa5534ee796949f2271be08ab3b
Size: 690KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values in the General section above
- Detects Healer, an antivirus-disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence (TA0003)
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1