General
- Target: ff48f595fb25c2bddbe120bc3405f6087f7052245ddbfcd1c57bfcd93574387b
- Size: 1.1MB
- Sample: 241111-ghmnxaxnfk
- MD5: eea8640a94be7733cf4d59cdea7c9b16
- SHA1: cb0e746f0838d703193861ddb6257e7ceda812bf
- SHA256: ff48f595fb25c2bddbe120bc3405f6087f7052245ddbfcd1c57bfcd93574387b
- SHA512: f0854f9abe1914d564314b7b1515e067d20991a9183f6a9cc6c7ec04dfdb578584c2ee94cc9f50d6ba667fdf2e32ee387c4c915dd123cfe4a5f64cdfdd682c31
- SSDEEP: 24576:ryghVZjDa2cjTG51OXVpmu9JdBc4xbyfSGmNOkGjcQg5H0JHr8:eEDjJ5WLLf0ydLslTHr
Static task: static1
Behavioral task: behavioral1
- Sample: ff48f595fb25c2bddbe120bc3405f6087f7052245ddbfcd1c57bfcd93574387b.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: ff48f595fb25c2bddbe120bc3405f6087f7052245ddbfcd1c57bfcd93574387b (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)