General
Target: db5e0a7d7dda10e8498b04b515ea83beffdd8d8a991347a4295d4e4a18864836
Size: 642KB
Sample: 241111-c4laratqdq
MD5: 2970144e68a0affa649b571c9d555ec8
SHA1: 578fe9a657c5103e01c1996a7bb848a2318837ad
SHA256: db5e0a7d7dda10e8498b04b515ea83beffdd8d8a991347a4295d4e4a18864836
SHA512: 3a7cb96f9a9621bf3f244a41e9b4f18f2b2819b15008849d2ea37fd96591fe36495df3576ff473b61156af486daadd11ccf97596fcfb8908734e2d35dca55575
SSDEEP: 12288:/y90D2KUA2tWHhRj9nYlVtB1JiXvlHqWW6jI1qbPK3A+1UQS+VRC:/yC2KhtHfj+b1Evt66jI1qbPorUQJVRC
Static task: static1
Behavioral task: behavioral1
Sample: db5e0a7d7dda10e8498b04b515ea83beffdd8d8a991347a4295d4e4a18864836.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: db5e0a7d7dda10e8498b04b515ea83beffdd8d8a991347a4295d4e4a18864836
Size: 642KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)