General
- Target: 1a5b650c4dc74f574176364fc5fed7212f31c3ebc50453ccb8ed0d256842e3f9
- Size: 691KB
- Sample: 241110-dzn2hsxrfs
- MD5: bdd466d7b09ebbfd160435767894cfc5
- SHA1: 4c651807b88381c8d1cfe5f93060183e6005a712
- SHA256: 1a5b650c4dc74f574176364fc5fed7212f31c3ebc50453ccb8ed0d256842e3f9
- SHA512: 8bb3fb67044ffcecb95e2f92cd042fe33d22b131c1470386171429eb0c936a3ad247bf30d6d117cc6214d1ad7805eb68b8654c26838c6a68a57d2c60058bd168
- SSDEEP: 12288:ry90f6vPZpO/j/W5MiyOEEcq2wYiCYM6Qzf3Ze2+7ztAANB2Q8U5H3m6pI:ryGSmy5byOYu7CYMb3U2dANMLOmyI
Static task: static1
Behavioral task: behavioral1
Sample: 1a5b650c4dc74f574176364fc5fed7212f31c3ebc50453ccb8ed0d256842e3f9.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 1a5b650c4dc74f574176364fc5fed7212f31c3ebc50453ccb8ed0d256842e3f9
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)