General
Target: f1220e914c39781f5fac74632b0c6d740c866906214925b183b36b2c9b79366cN.exe
Size: 1.0MB
Sample: 241112-x646vszbnp
MD5: acb16970bfd637a054a0a8ab85aadfe0
SHA1: 1c5050b02446eb832a69bb3d2a0142859953269c
SHA256: f1220e914c39781f5fac74632b0c6d740c866906214925b183b36b2c9b79366c
SHA512: d932f7b958186d957c97af297b5d1a06df3e5346b506e2bd4686795362fcea423e0ebe7383f32f9e15e68557f6a9bb5e086b4524899a2949dc6b59bdc68c1ba5
SSDEEP: 24576:WypgdwClFj/RMR1A59KDM9DIppZdoqGRyohWD3:lwFt/mLA59KecpjdXEY
Static task: static1
Behavioral task: behavioral1
Sample: f1220e914c39781f5fac74632b0c6d740c866906214925b183b36b2c9b79366cN.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: f1220e914c39781f5fac74632b0c6d740c866906214925b183b36b2c9b79366cN.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)