General
Target: d9e01d549f2cf5a17aa80d44835f13a858777b76349e6092c1cc8f97eb288faa
Size: 1.5MB
Sample: 241110-ebnarasjhm
MD5: a0d6312b6b936a55cd7c2c33833871ef
SHA1: ca18a0256d576e6e0161f996e40bf725355eeb2a
SHA256: d9e01d549f2cf5a17aa80d44835f13a858777b76349e6092c1cc8f97eb288faa
SHA512: 21a08e37cbc07157aae077c1a2ede3b037458f4e983146743f5707693f507751de0d987828237787b4ea976ca80f25416fc027870e8d27767899823252956eac
SSDEEP: 49152:PzN8I/1nWIApB1POrPsamTtomYUM6LHJG/EvoC:t9nLoMPsaDmxTjIcw
Static task: static1
Behavioral task: behavioral1
Sample: d9e01d549f2cf5a17aa80d44835f13a858777b76349e6092c1cc8f97eb288faa.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: d9e01d549f2cf5a17aa80d44835f13a858777b76349e6092c1cc8f97eb288faa
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
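As an added example (not code from the sandbox, the report, or the Healer/RedLine families), the following Python correlates sandbox-style events into the two behavioural signatures above, "Executes dropped EXE" and "Adds Run key to start application", and maps the registry writes onto the Persistence techniques in the ATT&CK table. The event tuples, the value names "Updater" and "svcupd", and every path are constructed for illustration and are not taken from the sample.

```python
"""Correlate sandbox-style events into the behaviours this report flags.

Added example, not code from the sandbox or from the malware families named
in the report.  The event format and every path/key below are constructed for
illustration.
"""
import re

# Registry autostart locations, mapped to ATT&CK Persistence techniques.
# T1547.001 covers the Run/RunOnce keys, T1543.003 covers service ImagePath.
RUN_KEY_RE = re.compile(
    r"\\(Software\\(Wow6432Node\\)?)?Microsoft\\Windows\\CurrentVersion"
    r"\\(Run|RunOnce)(\\|$)", re.I)
SERVICE_KEY_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$", re.I)

# Constructed events: (pid, operation, target, data).  Not from the sample.
EVENTS = [
    (1000, "file_write", r"C:\Users\user\AppData\Local\Temp\stage2.exe", ""),
    (1000, "process_create", r"C:\Users\user\AppData\Local\Temp\stage2.exe", "pid=1200"),
    (1200, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     r'"C:\Users\user\AppData\Local\Temp\stage2.exe"'),
    (1200, "reg_set", r"HKLM\SYSTEM\CurrentControlSet\Services\svcupd\ImagePath",
     r"C:\Users\user\AppData\Local\Temp\stage2.exe"),
    # Benign-looking Run key pointing at a path the sample never wrote.
    (1300, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"),
]


def _image_from_data(data):
    """Pull the executable path out of a registry value (quoted or not)."""
    m = re.match(r'\s*"?(.*?\.exe)"?(?=\s|$)', data, re.I)
    return m.group(1) if m else None


def analyse(events):
    """Return the findings a signature engine would raise on these events."""
    dropped = set()  # lower-cased paths of executables the sample wrote
    findings = {
        "executes_dropped_exe": [],
        "run_key": [],
        "service": [],
        "techniques": set(),
    }
    for _pid, op, target, data in events:
        if op == "file_write" and target.lower().endswith(".exe"):
            dropped.add(target.lower())
        elif op == "process_create" and target.lower() in dropped:
            findings["executes_dropped_exe"].append(target)
        elif op == "reg_set":
            image = _image_from_data(data)
            # A persistence entry is far more suspicious when it points at a
            # file the same run just dropped than at a pre-existing binary.
            from_drop = image is not None and image.lower() in dropped
            entry = {"key": target, "image": image, "dropped": from_drop}
            if RUN_KEY_RE.search(target):
                findings["run_key"].append(entry)
                findings["techniques"].add("T1547.001")
            elif SERVICE_KEY_RE.search(target):
                findings["service"].append(entry)
                findings["techniques"].add("T1543.003")
    return findings


def signatures(findings):
    """Map findings onto signature names; the first two are the report's own."""
    names = set()
    if findings["executes_dropped_exe"]:
        names.add("Executes dropped EXE")
    if findings["run_key"]:
        names.add("Adds Run key to start application")
    if findings["service"]:
        names.add("Modifies service ImagePath")  # label chosen here, not from the report
    return sorted(names)


if __name__ == "__main__":
    result = analyse(EVENTS)
    for name in signatures(result):
        print(name)
    for hit in result["run_key"] + result["service"]:
        flag = "DROPPED" if hit["dropped"] else "existing"
        print(f"  {hit['key']} -> {hit['image']} [{flag}]")
    print("ATT&CK:", ", ".join(sorted(result["techniques"])))
```

The point of the correlation is the `dropped` flag: a Run key or service ImagePath write is low-signal on its own (legitimate installers do it constantly), but one whose image is a file the same process tree wrote moments earlier is the dropper-plus-persistence pattern this report's two behavioural signatures describe. On real sandbox output, replace `EVENTS` with the tool's file, process and registry event streams; the matching logic stays the same.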