General
-
Target
2180ce08ea1f660d3151c66f3c8f5f2624472731be2d5b8b2d6607cb8f6eeb7b
-
Size
563KB
-
Sample
241110-ecfx3aylb1
-
MD5
637cb972aaf29d9a049593cf3d501729
-
SHA1
c1d70dca288ff6efd9c46685366e4173e8cfa18b
-
SHA256
2180ce08ea1f660d3151c66f3c8f5f2624472731be2d5b8b2d6607cb8f6eeb7b
-
SHA512
cba9c5be1c3560e1c22ad9c614f188bdd347fe05313e1af2a6420d717c15f0b9618ceaee541463e1bc8e20c74e333af0a77bb7055558e6005da85dcea9ab21b8
-
SSDEEP
12288:xy90slLTnE44S/3ok3QT7hOH2EmCei6KkWG22u8Jvxsu:xy5f4S/4TTF82VI6K02bsJsu
Static task
static1
Behavioral task
behavioral1
Sample
2180ce08ea1f660d3151c66f3c8f5f2624472731be2d5b8b2d6607cb8f6eeb7b.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2180ce08ea1f660d3151c66f3c8f5f2624472731be2d5b8b2d6607cb8f6eeb7b
-
Size
563KB
-
MD5
637cb972aaf29d9a049593cf3d501729
-
SHA1
c1d70dca288ff6efd9c46685366e4173e8cfa18b
-
SHA256
2180ce08ea1f660d3151c66f3c8f5f2624472731be2d5b8b2d6607cb8f6eeb7b
-
SHA512
cba9c5be1c3560e1c22ad9c614f188bdd347fe05313e1af2a6420d717c15f0b9618ceaee541463e1bc8e20c74e333af0a77bb7055558e6005da85dcea9ab21b8
-
SSDEEP
12288:xy90slLTnE44S/3ok3QT7hOH2EmCei6KkWG22u8Jvxsu:xy5f4S/4TTF82VI6K02bsJsu
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1