General
Target: 1b8b8ac331fd4a91f02155a6b42d13f199052ba4f11db12e8e2395e2b9c69b44
Size: 746KB
Sample: 241110-eb9traylbw
MD5: 530d23f755eb7cf537ca70efd690740c
SHA1: 9fa198502930edb133c042dea22c59fc80d4efb8
SHA256: 1b8b8ac331fd4a91f02155a6b42d13f199052ba4f11db12e8e2395e2b9c69b44
SHA512: 58d05d9f10273f8fd5c2e73814b5e451b76c6f756116dccdf788fe0c10f787fae8656802fa0bcfff459a595927bcbe1fc173f46a5c94d0032949730f1b11dd10
SSDEEP: 12288:py90jlrSKlGDAn8HYl3GlCzfMDlCDPjqNVol96qjOiCOb+9g:pypMn84l2IrQlMP+kbOiCs

Static task: static1
Behavioral task: behavioral1
Sample: 1b8b8ac331fd4a91f02155a6b42d13f199052ba4f11db12e8e2395e2b9c69b44.exe
Resource: win10v2004-20241007-en
Malware Config

Targets
Target: 1b8b8ac331fd4a91f02155a6b42d13f199052ba4f11db12e8e2395e2b9c69b44 (746KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
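The last two signatures above ("Executes dropped EXE" and "Adds Run key to start application") are the kind of behaviour a sandbox derives by correlating file, process and registry telemetry. The following is an added example, not code from the report or the sandbox vendor: a small Python correlation over constructed Sysmon-style events (Event ID 11 FileCreate, 1 ProcessCreate, 13 RegistryEvent SetValue). The paths, PIDs, SID and the registry value name `Updater` are invented for illustration and do not come from this sample's report.

```python
"""Correlate Sysmon-style events for two behaviours: a dropped EXE being
executed, and a Run/RunOnce key being set to autostart that dropped EXE.
Added example; events below are constructed, not taken from the report."""
import json
import re

# Constructed sample telemetry (not from the report). Field names are simplified.
EVENTS = [
    # 11 = FileCreate: the sample writes a second executable to %TEMP%
    {"id": 11, "pid": 4212,
     "image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe",
     "target": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"},
    # 1 = ProcessCreate: the dropped executable is started
    {"id": 1, "pid": 5004, "parent_pid": 4212,
     "image": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"},
    # 13 = RegistryEvent SetValue: a Run key value pointing at the dropped EXE
    {"id": 13, "pid": 5004,
     "image": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe",
     "target": r"HKU\S-1-5-21-1234\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"},
    # Benign registry write under CurrentVersion that must NOT match
    {"id": 13, "pid": 880, "image": r"C:\Windows\explorer.exe",
     "target": r"HKU\S-1-5-21-1234\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]

# Matches the Run and RunOnce autostart keys (HKLM or HKU/HKCU), case-insensitive.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Pulls the executable path out of value data such as  "C:\path\x.exe" /arg
EXE_IN_DATA_RE = re.compile(r'"?([^"]+?\.exe)', re.IGNORECASE)


def find_dropped_executables(events):
    """Return {lowercased path: creator pid} for every .exe written to disk."""
    dropped = {}
    for e in events:
        if e["id"] == 11 and e["target"].lower().endswith(".exe"):
            dropped[e["target"].lower()] = e["pid"]
    return dropped


def find_executed_droppers(events, dropped):
    """Return [(path, pid)] for process creations whose image was dropped earlier."""
    return [(e["image"], e["pid"]) for e in events
            if e["id"] == 1 and e["image"].lower() in dropped]


def find_run_key_persistence(events, dropped):
    """Return one finding per Run/RunOnce value write, flagging whether the
    value data references a dropped executable."""
    findings = []
    for e in events:
        if e["id"] != 13 or not RUN_KEY_RE.search(e["target"]):
            continue
        data = e.get("details", "")
        m = EXE_IN_DATA_RE.match(data)
        referenced = m.group(1).lower() if m else ""
        findings.append({
            "key": e["target"],
            "data": data,
            "writer_pid": e["pid"],
            "points_to_dropped": referenced in dropped,
        })
    return findings


def triage(events):
    """Evaluate both signatures over an event list and return the evidence."""
    dropped = find_dropped_executables(events)
    executed = find_executed_droppers(events, dropped)
    run_keys = find_run_key_persistence(events, dropped)
    return {
        "executes_dropped_exe": bool(executed),
        "adds_run_key": any(f["points_to_dropped"] for f in run_keys),
        "dropped": dropped,
        "executed": executed,
        "run_keys": run_keys,
    }


if __name__ == "__main__":
    print(json.dumps(triage(EVENTS), indent=2))
```

The Run-key check deliberately requires the value data to resolve to a file that the same trace saw being created; a Run key pointing at a pre-existing, signed binary is common on clean hosts and would otherwise generate noise.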
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1