General
-
Target
6f7e84c69125f129805352dc302086c4f50851441cbd6d8150fedb85eff9699a
-
Size
685KB
-
Sample
241111-hkzxpaylaj
-
MD5
fdfe8e39d4b278956280d68a3e2da8e4
-
SHA1
1b25ccb0cfda518ab32ee6fed1fad63cc543a9dc
-
SHA256
6f7e84c69125f129805352dc302086c4f50851441cbd6d8150fedb85eff9699a
-
SHA512
0afbd0d860278b1cc6205e66b6e5e175c4f48a43c44f953830bf526d90c9a0d9392f13a015255726dc958248572db0f5b6bd1d6247e46b33c0a6bc90636de075
-
SSDEEP
12288:7y90OqI4DnLzpMPXAFTyCSagpuXbkNvwYgXV5uyyx/7phqcvZ2:7yO1nLFFSkuwfXruj1FvZ2
Static task
static1
Behavioral task
behavioral1
Sample
6f7e84c69125f129805352dc302086c4f50851441cbd6d8150fedb85eff9699a.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
6f7e84c69125f129805352dc302086c4f50851441cbd6d8150fedb85eff9699a
-
Size
685KB
-
MD5
fdfe8e39d4b278956280d68a3e2da8e4
-
SHA1
1b25ccb0cfda518ab32ee6fed1fad63cc543a9dc
-
SHA256
6f7e84c69125f129805352dc302086c4f50851441cbd6d8150fedb85eff9699a
-
SHA512
0afbd0d860278b1cc6205e66b6e5e175c4f48a43c44f953830bf526d90c9a0d9392f13a015255726dc958248572db0f5b6bd1d6247e46b33c0a6bc90636de075
-
SSDEEP
12288:7y90OqI4DnLzpMPXAFTyCSagpuXbkNvwYgXV5uyyx/7phqcvZ2:7yO1nLFFSkuwfXruj1FvZ2
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1