General
- Target: 1ed876fda9d7d885fb74dab9ee5d87c665f19411e9e08b2aea526d95dfffc8b3
- Size: 488KB
- Sample: 241112-y184asyres
- MD5: aab2500b583817775490d153cb26fcfc
- SHA1: e83f18f484744fce38d7ae0eb9d477c9b67dd833
- SHA256: 1ed876fda9d7d885fb74dab9ee5d87c665f19411e9e08b2aea526d95dfffc8b3
- SHA512: 1e34c3fc3f7ea0313c1b884fa4c5e0de260e6bfd596c1198735c905d5ec2b75742aafdd791c3b02d9817a7da7e1606a35e01b9af8eede8626c1cc9de22b76df8
- SSDEEP: 12288:3y90LyKZqLtD1Ii0EaR06wvPiLEzywA83:3yzh1IilViLsyS

Static task: static1
Behavioral task: behavioral1
- Sample: 1ed876fda9d7d885fb74dab9ee5d87c665f19411e9e08b2aea526d95dfffc8b3.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)