General

Target: 1c3edad9349c2d0ca2e05428f15369c8f1007148ba12f53a3f022a62d49863fb
Size: 553KB
Sample: 241112-yxrpvatkhn
MD5: b6482f0cd1137f11f5d0e44361d364be
SHA1: d80cabdbc739221c6efea3eb519d34f1655c14d8
SHA256: 1c3edad9349c2d0ca2e05428f15369c8f1007148ba12f53a3f022a62d49863fb
SHA512: 75fcfeaa7b1b7f3b3b6c2062d9f891d967c84730c0558d17a22db9163d958b5947fbd0ea8a7df0922a0553b4a36b01c66147dbc9152559ba9d4082bf51bb5c5c
SSDEEP: 12288:cy90OmwQzXDtXiFEIk1VkFPsl+yPSJ9MSTdnvtmZ03IAEo8R:cyGbDUEI6CEl+Ss9MOvq6hC
Static task: static1
Behavioral task: behavioral1
Sample: 1c3edad9349c2d0ca2e05428f15369c8f1007148ba12f53a3f022a62d49863fb.exe
Resource: win10v2004-20241007-en
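Before working from this report, confirm that the file on disk is the sample it describes. The helper below is an added example, not part of the report or of any sandbox tooling: it computes the four digests listed above, compares them to the report's values and streams large files from disk. The stand-in bytes in the `__main__` block are constructed and are not the sample, so the check is expected to fail for them.

```python
"""Added example: confirm that a local file is the sample this report describes.

The expected digests are the ones listed in the report's General section;
everything else (file names, the constructed stand-in bytes) is an
assumption made for illustration.
"""
import hashlib
from typing import Dict

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report header (General section).
REPORT_HASHES: Dict[str, str] = {
    "md5": "b6482f0cd1137f11f5d0e44361d364be",
    "sha1": "d80cabdbc739221c6efea3eb519d34f1655c14d8",
    "sha256": "1c3edad9349c2d0ca2e05428f15369c8f1007148ba12f53a3f022a62d49863fb",
    "sha512": "75fcfeaa7b1b7f3b3b6c2062d9f891d967c84730c0558d17a22db9163d958b5947fbd0ea8a7df0922a0553b4a36b01c66147dbc9152559ba9d4082bf51bb5c5c",
}


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Return the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests, but streamed so a large sample need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match flags; hex comparison is case-insensitive."""
    return {
        name: actual.get(name, "").lower() == digest.lower()
        for name, digest in expected.items()
    }


def is_report_sample(data: bytes) -> bool:
    """True only if every digest in the report matches.

    SHA-256 alone identifies the file; checking all four also catches a
    transcription error in the report or in an IOC copied from it, which
    shows up as one algorithm disagreeing while the others match.
    """
    return all(compare_hashes(compute_hashes(data), REPORT_HASHES).values())


if __name__ == "__main__":
    # Constructed stand-in bytes: this is NOT the sample, so the check fails.
    stand_in = b"MZ" + b"\x00" * 62 + b"not the real sample"
    print(compare_hashes(compute_hashes(stand_in), REPORT_HASHES))
    print("matches report:", is_report_sample(stand_in))
```

For a file on disk, `compare_hashes(hash_file(path), REPORT_HASHES)` gives the per-algorithm result; treat a single disagreeing digest as a copy error to investigate rather than as a near match.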
Malware Config
Targets

Target: 1c3edad9349c2d0ca2e05428f15369c8f1007148ba12f53a3f022a62d49863fb
Size: 553KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 match
- Create or Modify System Process (T1543): Windows Service (T1543.003), 1 match
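The two persistence techniques mapped above both leave a registry write behind: a value under a Run or RunOnce key, or an ImagePath under a new service key. The detector below is an added example, not part of the report or of any sandbox or EDR product; it classifies registry value writes against those two ATT&CK sub-techniques. The `process|key|data` line format and the sample events are constructed for illustration and are not taken from the behavioral task.

```python
"""Added example: flag the two persistence techniques this report maps.

Technique names and IDs are ATT&CK's; the event line format and the sample
events are constructed for illustration, not from the report.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Registry locations behind T1547.001: per-user and per-machine Run/RunOnce,
# including the WOW6432Node view and HKU\<SID> paths. The value name may follow.
RUN_KEY_RE = re.compile(
    r"^HK(?:LM|CU|U\\[^\\]+)\\SOFTWARE\\(?:WOW6432NODE\\)?MICROSOFT\\WINDOWS"
    r"\\CURRENTVERSION\\(?:RUN|RUNONCE)(?:\\|$)",
    re.IGNORECASE,
)
# Registry location behind T1543.003: the binary path of a service entry.
SERVICE_KEY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CURRENTCONTROLSET|CONTROLSET\d{3})\\SERVICES\\[^\\]+\\IMAGEPATH$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class RegistryWrite:
    process: str
    key: str   # full path including the value name
    data: str  # value data as written


@dataclass(frozen=True)
class Finding:
    technique_id: str
    technique: str
    process: str
    key: str
    data: str


def classify(write: RegistryWrite) -> Optional[Finding]:
    """Map one registry value write to the ATT&CK sub-technique it implements."""
    if RUN_KEY_RE.match(write.key):
        return Finding("T1547.001", "Registry Run Keys / Startup Folder",
                       write.process, write.key, write.data)
    if SERVICE_KEY_RE.match(write.key):
        return Finding("T1543.003", "Windows Service",
                       write.process, write.key, write.data)
    return None


def parse_line(line: str) -> RegistryWrite:
    """Parse the constructed 'process|key|data' format; data may contain '|'."""
    process, key, data = line.rstrip("\n").split("|", 2)
    return RegistryWrite(process.strip(), key.strip(), data.strip())


def scan(lines: List[str]) -> List[Finding]:
    """Run the classifier over event lines, skipping blanks and '#' comments."""
    findings: List[Finding] = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        finding = classify(parse_line(line))
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample events (not from the report's behavioral task).
SAMPLE_EVENTS = [
    "# process | registry value path | data",
    r"C:\Users\user\AppData\Local\Temp\dropper.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Users\user\AppData\Roaming\updater.exe",
    r"C:\Windows\System32\services.exe|HKLM\SYSTEM\CurrentControlSet\Services\svcHelper\ImagePath|C:\ProgramData\svchelper.exe",
    r"C:\Program Files\Editor\editor.exe|HKCU\Software\Editor\RecentFiles\0|C:\notes.txt",
    r"C:\Windows\explorer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|1",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.technique_id} {f.technique}: {f.process} -> {f.key} = {f.data}")
```

Matching on the key path alone is deliberately broad: legitimate installers also write Run keys and register services, so the finding is a triage lead to be joined with the writing process and the data path (here a Temp-dropped executable and a ProgramData binary), not a verdict on its own.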