General
- Target: 3182d166871e3ed243309c8b8048d05d517ce04c31db4204778e851d46323acd.exe
- Size: 706KB
- Sample: 241113-pb4b3s1gqa
- MD5: 34ef10852858bd32007422e56ce7edc4
- SHA1: 3e30657ca855853b07ed32e4eba8cd6fcd151410
- SHA256: 3182d166871e3ed243309c8b8048d05d517ce04c31db4204778e851d46323acd
- SHA512: 6ecc7fd85d9a1e40a2a0c0094ba26e0577dbe0a5840dc2fb6e901d424f45b192f26e97afd8876dc20ab7dc937b31d390ffcf14f4db2b7e445cc4252d7d545104
- SSDEEP: 12288:Ry907EKrFJ5Tz8vJZTYprYwMROWPT1RrXZtRhv8NcpCKBKH2gUdBM:Ry3oFJ5/8xZ0prYxsWP7FhgxULM
Static task: static1
Behavioral task: behavioral1
- Sample: 3182d166871e3ed243309c8b8048d05d517ce04c31db4204778e851d46323acd.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)