General
- Target: e85ceb1ea04bb5f794abadcbb290d7336ca87b56e3c9beeb9d802fe1a96f7316
- Size: 690KB
- Sample: 241111-gne61svcld
- MD5: 82a2197f0d0d06f2ab360e93ba9bfe48
- SHA1: 0167e5375beed3137d43c471cc2f25d955ebd8f3
- SHA256: e85ceb1ea04bb5f794abadcbb290d7336ca87b56e3c9beeb9d802fe1a96f7316
- SHA512: ce9feded8c19d1ad219f4076289c68266bcae59acd55c08de6176b090311a256fa4a8cd1d68f445251e81cfb0663793587f84cf1c82dfcb4ab1108b7eacd7f90
- SSDEEP: 12288:Xy90Rd8Lp85MmT0MVXDhPEpOY+d7eNOuJOKw3ls2VBaFl6Cie0+oJHhHnR7:XyM285loMfPKSdVLKWy2YJil+othx7
Static task: static1
Behavioral task: behavioral1
- Sample: e85ceb1ea04bb5f794abadcbb290d7336ca87b56e3c9beeb9d802fe1a96f7316.exe
- Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: e85ceb1ea04bb5f794abadcbb290d7336ca87b56e3c9beeb9d802fe1a96f7316
- Size: 690KB
- MD5: 82a2197f0d0d06f2ab360e93ba9bfe48
- SHA1: 0167e5375beed3137d43c471cc2f25d955ebd8f3
- SHA256: e85ceb1ea04bb5f794abadcbb290d7336ca87b56e3c9beeb9d802fe1a96f7316
- SHA512: ce9feded8c19d1ad219f4076289c68266bcae59acd55c08de6176b090311a256fa4a8cd1d68f445251e81cfb0663793587f84cf1c82dfcb4ab1108b7eacd7f90
- SSDEEP: 12288:Xy90Rd8Lp85MmT0MVXDhPEpOY+d7eNOuJOKw3ls2VBaFl6Cie0+oJHhHnR7:XyM285loMfPKSdVLKWy2YJil+othx7

- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)