General
- Target: 159d20917e497b3bbdb8c118aad1fadcdf665fcccaf2c42f867727238624ec87
- Size: 936KB
- Sample: 241111-gngpvaxpck
- MD5: 45f3fc7c1e2fa3a444c1afcc05eec9f4
- SHA1: d34285f3725df33f4a43d3f09e4ca4e522039b02
- SHA256: 159d20917e497b3bbdb8c118aad1fadcdf665fcccaf2c42f867727238624ec87
- SHA512: 32d8b1f7ec29ed4c0f422eb89417ba1cbb3c8973f1f40b39e4ec031407d0e95be38630708a1d5adc057fd2f48656d28e8c024228424c9e420ec960dcb02c37e9
- SSDEEP: 24576:QyS6YuVgA1qLcGVisfHP1FSpBrCsX/074E:XS2VTGNfvfSrHc

Static task: static1

Behavioral task: behavioral1
- Sample: 159d20917e497b3bbdb8c118aad1fadcdf665fcccaf2c42f867727238624ec87.exe
- Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: 159d20917e497b3bbdb8c118aad1fadcdf665fcccaf2c42f867727238624ec87
- Size: 936KB
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)