General
- Target: bafe8f16740412e33fea0427338c8f7f255b19299e31a3fbd461c2c25bb9f2f3
- Size: 552KB
- Sample: 241115-b6eqbawgmp
- MD5: 943c1f910d2db3e596d458c69abc08bb
- SHA1: e6e8b7265b16761efc57634b8ece8d94994a73dd
- SHA256: bafe8f16740412e33fea0427338c8f7f255b19299e31a3fbd461c2c25bb9f2f3
- SHA512: 40d1db358c3d964db2efca1e7fe5d8695a16d30ea84dffc6433e867961c8f330d39bb3c16880dbc0ecf147dcb560e6ad14982ffc871a4ec775915fddf3ec4002
- SSDEEP: 12288:By90P41FK4xSHg2TGv0y9nkCUfE8IOSsemQyYhi+:Byg4kzGf9nUfgsew+
Static task: static1
Behavioral task: behavioral1
Sample: bafe8f16740412e33fea0427338c8f7f255b19299e31a3fbd461c2c25bb9f2f3.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: bafe8f16740412e33fea0427338c8f7f255b19299e31a3fbd461c2c25bb9f2f3
- Size: 552KB
- MD5: 943c1f910d2db3e596d458c69abc08bb
- SHA1: e6e8b7265b16761efc57634b8ece8d94994a73dd
- SHA256: bafe8f16740412e33fea0427338c8f7f255b19299e31a3fbd461c2c25bb9f2f3
- SHA512: 40d1db358c3d964db2efca1e7fe5d8695a16d30ea84dffc6433e867961c8f330d39bb3c16880dbc0ecf147dcb560e6ad14982ffc871a4ec775915fddf3ec4002
- SSDEEP: 12288:By90P41FK4xSHg2TGv0y9nkCUfE8IOSsemQyYhi+:Byg4kzGf9nUfgsew+
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)