General
- Target: cf18d8b63e509d366c741cafcc7d2f2c704a1d12bcb5c22b5d11dc7772271ecd
- Size: 1.2MB
- Sample: 241110-dh1c8aybre
- MD5: 4cf81614e74c7ec3bdb03655c8b9eedc
- SHA1: e0fc621d6f44c7ffa1452f3fd9d8f3ebba269e45
- SHA256: cf18d8b63e509d366c741cafcc7d2f2c704a1d12bcb5c22b5d11dc7772271ecd
- SHA512: 88986ce40504c5fbe6097dc3260ce324f4b5d126118829eae8a96767caff4a043d7101bee28dea2f5c24558cc81d6c4c1d9ced800ae5f7ee4bf3654010239b47
- SSDEEP: 24576:PCbht9y/vN4jFVkUI4Hiew2ltipvLt87VLLLVxCwaUdw578ObN/4SYrnP4uO:PCz9uyy4Hrw2lt2CxxCwbdw57fQSG
Static task
- static1

Behavioral task
- behavioral1
  - Sample: cf18d8b63e509d366c741cafcc7d2f2c704a1d12bcb5c22b5d11dc7772271ecd.exe
  - Resource: win7-20240903-en

Behavioral task
- behavioral2
  - Sample: cf18d8b63e509d366c741cafcc7d2f2c704a1d12bcb5c22b5d11dc7772271ecd.exe
  - Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: cf18d8b63e509d366c741cafcc7d2f2c704a1d12bcb5c22b5d11dc7772271ecd
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)