General
Target: c8e9aa0d1ce1fc19fdc4c07b9657a1d54dbfcccffa6ea92ea2bfa4f468292b81
Size: 563KB
Sample: 241110-eccweayfqq
MD5: 64574df4c9121c6a4de6b077bf820c97
SHA1: 52ec4d4ecde7bf190b82778b88a5e78e2880b08d
SHA256: c8e9aa0d1ce1fc19fdc4c07b9657a1d54dbfcccffa6ea92ea2bfa4f468292b81
SHA512: 684b553cfd703c676b817200a11aba1f9b2e329e3622f59d7d0c4534b3aba2f0d6eeef694445f99b98d8c53e8d132c288e3a9da68160d5083b5fee9de2b0ab24
SSDEEP: 12288:ty9064IMeN21lPMtIOEz/0YfzsM1YjJOBn+t:tyt43eN21FWQMYfACYjJO0
Static task: static1
Behavioral task: behavioral1
Sample: c8e9aa0d1ce1fc19fdc4c07b9657a1d54dbfcccffa6ea92ea2bfa4f468292b81.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: c8e9aa0d1ce1fc19fdc4c07b9657a1d54dbfcccffa6ea92ea2bfa4f468292b81 (563KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
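As an added example (not part of the sandbox report above, and not code from the Healer or RedLine analysis), the following Python helper checks local files against the hash indicators listed in this report. The MD5, SHA1, SHA256 and SHA512 values are copied from the report; the file paths passed on the command line are whatever the operator supplies. The SSDEEP value is not checked here because fuzzy matching needs the external ssdeep library; the helper also validates that each indicator has the right digest length, which catches truncated copy-and-paste IOCs before a hunt runs on bad data.

```python
import hashlib
import io
import sys
from typing import BinaryIO

# Indicators copied from the report above for the 563KB sample.
TARGET = "c8e9aa0d1ce1fc19fdc4c07b9657a1d54dbfcccffa6ea92ea2bfa4f468292b81"
IOCS = {
    "md5": "64574df4c9121c6a4de6b077bf820c97",
    "sha1": "52ec4d4ecde7bf190b82778b88a5e78e2880b08d",
    "sha256": TARGET,
    "sha512": (
        "684b553cfd703c676b817200a11aba1f9b2e329e3622f59d7d0c4534b3aba2f0"
        "d6eeef694445f99b98d8c53e8d132c288e3a9da68160d5083b5fee9de2b0ab24"
    ),
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
CHUNK = 1024 * 1024  # read files in 1 MiB chunks so large files do not load into memory


def validate_iocs(iocs: dict) -> list:
    """Return a list of problems: wrong hex length or non-hex characters.

    A truncated or mistyped indicator never matches anything, so a hunt
    built on it silently reports 'clean'. Check the data before using it.
    """
    problems = []
    for algo, digest in iocs.items():
        if algo not in ALGORITHMS:
            problems.append(f"{algo}: unsupported algorithm")
            continue
        expected_len = hashlib.new(algo).digest_size * 2
        if len(digest) != expected_len:
            problems.append(f"{algo}: expected {expected_len} hex chars, got {len(digest)}")
        try:
            int(digest, 16)
        except ValueError:
            problems.append(f"{algo}: not hexadecimal")
    return problems


def hash_stream(stream: BinaryIO) -> dict:
    """Compute all four digests in a single pass over the stream."""
    hashers = {algo: hashlib.new(algo) for algo in ALGORITHMS}
    while True:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (e.g. a carved payload)."""
    return hash_stream(io.BytesIO(data))


def match_iocs(data: bytes, iocs: dict = IOCS) -> list:
    """Return the sorted list of algorithms whose digest of `data` matches an indicator."""
    digests = hash_bytes(data)
    return sorted(algo for algo, value in iocs.items()
                  if algo in digests and digests[algo] == value.lower())


def scan_paths(paths, iocs: dict = IOCS) -> dict:
    """Hash each file path; return {path: [matching algorithms]} for hits only."""
    hits = {}
    for path in paths:
        with open(path, "rb") as fh:
            digests = hash_stream(fh)
        matched = sorted(algo for algo, value in iocs.items()
                         if digests.get(algo) == value.lower())
        if matched:
            hits[path] = matched
    return hits


if __name__ == "__main__":
    # Usage: python ioc_check.py <file> [<file> ...]
    errors = validate_iocs(IOCS)
    if errors:
        sys.exit("bad indicator data: " + "; ".join(errors))
    for path, algos in scan_paths(sys.argv[1:]).items():
        print(f"MATCH {path}: {', '.join(algos)}")
```

A single-algorithm hit (for example MD5 only) on a file whose SHA256 differs would indicate a collision or a corrupted indicator rather than the sample, so treat anything short of a full four-way match as something to investigate, not as confirmation.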