General
Target: 951de55673ff7d68e9f2909651b074be1a350319c7bf9b16cacaf481d08d00b3
Size: 747KB
Sample: 241110-cmjetsxclp
MD5: 109caa9fba0b77391f5f555c65cc7895
SHA1: d83cb848ba8e1bc0c057c9b0231a76d5c91e5aba
SHA256: 951de55673ff7d68e9f2909651b074be1a350319c7bf9b16cacaf481d08d00b3
SHA512: 65402a190c9effaeda8a3d2454152f6ce43831f73cd28d726512e57cd26ce0e149d762db4fec43d8f6476afcc0486d8e0650d13a662dceeb31779cf6edf1ba0d
SSDEEP: 12288:+y9051XLoiM1P1RCdtoMuDJSO/Fy6CFdUJfHKCQ3eHYdL/mTmulAUMPh+/0Or:+y8tLUj9N86CcJfqC4l/mGA/0Or
Static task: static1
Behavioral task: behavioral1
Sample: 951de55673ff7d68e9f2909651b074be1a350319c7bf9b16cacaf481d08d00b3.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 951de55673ff7d68e9f2909651b074be1a350319c7bf9b16cacaf481d08d00b3 (same file as listed under General above; size and hashes identical)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)