General

Target: b7fe9197d3b1a02ad97e20613b364723a62a0ba033d98d5e892cb36ccc098467
Size: 739KB
Sample: 241110-cgfrraxbkl
MD5: fe5249fa0a7a783a86b081f0741a3c66
SHA1: 526bf2066b86320772ca368fe61fb07a83349753
SHA256: b7fe9197d3b1a02ad97e20613b364723a62a0ba033d98d5e892cb36ccc098467
SHA512: e5903ed997c5bfed75cfde92d56d6aeb45e6c9a6da6a41ebb0008fa843bb7929a8088e03327af657d4646b02e84d4890f34bfdf52e3bc0ce22a18a58308d01cd
SSDEEP: 12288:ty90XmrpSmIwi/42zKWtTK3AFDB+BZ75A9l2/n42LZqLnmAw/NasANMf:tytrzidtPTL9l5mqrmAw/N7+U
Static task: static1
Behavioral task: behavioral1
Sample: b7fe9197d3b1a02ad97e20613b364723a62a0ba033d98d5e892cb36ccc098467.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: b7fe9197d3b1a02ad97e20613b364723a62a0ba033d98d5e892cb36ccc098467
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)

Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)