General
- Target: de33e330be3964c06bd3a3b3cc0170d7cba80c4344fef09c4f9aa241dbc5e8c2.exe
- Size: 691KB
- Sample: 241111-hf1nesvdlp
- MD5: 9ffa5221aed67039ff10188709cb6187
- SHA1: b52f2106bd487b3eb8779292a73e2ee41108a616
- SHA256: de33e330be3964c06bd3a3b3cc0170d7cba80c4344fef09c4f9aa241dbc5e8c2
- SHA512: 511da8521122d60d1667b916b6754145297240f9babd629ce24a9b58f9562477f37a2fb74ad026964eb0dfa76b5a2c62a8c2084f470c349caa731c1107682bcd
- SSDEEP: 12288:7y90wGSYMZJis4AKb5x7htBv8M98e2C7CGjUANBlbLqt+78g:7yXxnR4r7Dv9n2yAANDbutu8g
Static task: static1
Behavioral task: behavioral1
Sample: de33e330be3964c06bd3a3b3cc0170d7cba80c4344fef09c4f9aa241dbc5e8c2.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: de33e330be3964c06bd3a3b3cc0170d7cba80c4344fef09c4f9aa241dbc5e8c2.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)