General
-
Target
aa3b2910a03e9b76aa725348ea72f1d3551f86909739f234fc836b7962ed8220
-
Size
828KB
-
Sample
241111-gt4rkaxqbp
-
MD5
194d6c13e6d617cfd4c3f33e02ab3f1e
-
SHA1
0c984484f120893ddcceb774e41b01781bb4ff19
-
SHA256
aa3b2910a03e9b76aa725348ea72f1d3551f86909739f234fc836b7962ed8220
-
SHA512
9acdfc8a44ce9fe1d62339dde1f7567664eac2da1197cc9e9cdcb56be6459a4069663268e7102ad7e2f561720f1a4eda2f7510fb8f381d14aa62125dfe99a4f5
-
SSDEEP
24576:PyBEnb0A2Mo8R1vmEQ4n7Pxe4AmLSWOr3x:aBib0zkvnnDxkm+
Static task
static1
Behavioral task
behavioral1
Sample
aa3b2910a03e9b76aa725348ea72f1d3551f86909739f234fc836b7962ed8220.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
aa3b2910a03e9b76aa725348ea72f1d3551f86909739f234fc836b7962ed8220
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
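The behavioural signatures above (Executes dropped EXE, Adds Run key to start application) and the ATT&CK persistence mapping are what a detection engineer would turn into host telemetry checks. The following is an added example, not part of this sandbox report and not code from the Healer or RedLine samples: a small Python checker over constructed Sysmon-style records (FileCreate, ProcessCreate, registry value set) that flags a dropped executable being launched, a Run-key value pointing at a user-writable path, and a service ImagePath pointing at one. The event records, paths, key names and the `find_persistence`/`executable_from` functions are all assumptions made for illustration.

```python
import re

# Constructed Sysmon-style records (not taken from the sandbox run):
#   id 11 = FileCreate   (target = TargetFilename)
#   id 1  = ProcessCreate
#   id 13 = RegistryEvent, value set (target = TargetObject, details = data)
EVENTS = [
    {"id": 11, "image": r"C:\Users\victim\Downloads\sample.exe",
     "target": r"C:\Users\victim\AppData\Local\Temp\updater.exe"},
    {"id": 1, "image": r"C:\Users\victim\AppData\Local\Temp\updater.exe",
     "parent": r"C:\Users\victim\Downloads\sample.exe"},
    {"id": 13, "image": r"C:\Users\victim\AppData\Local\Temp\updater.exe",
     "target": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\victim\AppData\Local\Temp\updater.exe"},
    # Benign baseline entry: Run key, but the value points into System32.
    {"id": 13, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"id": 13, "image": r"C:\Users\victim\AppData\Local\Temp\updater.exe",
     "target": r"HKLM\System\CurrentControlSet\Services\UpdSvc\ImagePath",
     "details": r'"C:\ProgramData\UpdSvc\upd.exe" -svc'},
]

# Autostart locations mapped on this report: Run/RunOnce values (T1547.001)
# and service ImagePath values (T1543.003).
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
SERVICE_IMAGE = re.compile(
    r"\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)
# Locations an unprivileged dropper can write to; legitimate autostarts
# under Program Files / System32 do not match and stay quiet.
USER_WRITABLE = re.compile(
    r"^(C:\\Users\\[^\\]+\\|C:\\ProgramData\\|C:\\Windows\\Temp\\)", re.I)


def executable_from(value):
    """Return the program path from a registry value that may be quoted
    and/or followed by command-line arguments."""
    m = re.match(r'^\s*"?(.*?\.exe)', value, re.I)
    return m.group(1) if m else value.strip()


def find_persistence(events):
    """Walk the records in order and return (label, artifact) findings.
    Dropped-EXE tracking is stateful: a FileCreate of an .exe followed by a
    ProcessCreate of that same path is the 'Executes dropped EXE' pattern."""
    findings = []
    dropped = set()
    for ev in events:
        if ev["id"] == 11 and ev["target"].lower().endswith(".exe"):
            dropped.add(ev["target"].lower())
        elif ev["id"] == 1 and ev["image"].lower() in dropped:
            findings.append(("Executes dropped EXE", ev["image"]))
        elif ev["id"] == 13:
            exe = executable_from(ev["details"])
            suspicious = bool(USER_WRITABLE.match(exe)) or exe.lower() in dropped
            if RUN_KEY.search(ev["target"]) and suspicious:
                findings.append(
                    ("T1547.001 Registry Run Keys / Startup Folder", ev["target"]))
            elif SERVICE_IMAGE.search(ev["target"]) and suspicious:
                findings.append(("T1543.003 Windows Service", ev["target"]))
    return findings


if __name__ == "__main__":
    for label, artifact in find_persistence(EVENTS):
        print(f"{label}: {artifact}")
```

On a real host the records would come from the Sysmon operational log (Event IDs 1, 11 and 13) rather than the inline list. The user-writable-path test is what separates the sample's `HKU\...\Run` entry from the legitimate `HKLM\...\Run\SecurityHealth` value, which is why the benign record produces no finding; a dropper that copies itself under Program Files would need an additional check, such as matching against the set of dropped files, which the code also does.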