General
-
Target
373a866fc4e99d8f4bce257c727b71b66b169e8eb149aae03982f30bc3a6d708.exe
-
Size
783KB
-
Sample
241117-rc2kzs1jfy
-
MD5
2fec8b81e427b08658e7b11700643366
-
SHA1
e1d969415dac386b1b48ce3173fa9daa2d19e1f8
-
SHA256
373a866fc4e99d8f4bce257c727b71b66b169e8eb149aae03982f30bc3a6d708
-
SHA512
acb3590b49b6a860552925497179813f2e1fef3238e0fe914ddd5926f0dc372fff1f786d5f983ceb1865614de6927a9e7e1e73133461e8efda21d2d451b75bb7
-
SSDEEP
12288:Ky90PgZSONOijP/RYh+Ehqg31DXl7bHx4/DIZYV26BNA9VSAFWmVKFaj/t:KyigwOwUvU1DXl72jBN9AFCu/t
Static task
static1
Behavioral task
behavioral1
Sample
373a866fc4e99d8f4bce257c727b71b66b169e8eb149aae03982f30bc3a6d708.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
373a866fc4e99d8f4bce257c727b71b66b169e8eb149aae03982f30bc3a6d708.exe
-
Size
783KB
-
MD5
2fec8b81e427b08658e7b11700643366
-
SHA1
e1d969415dac386b1b48ce3173fa9daa2d19e1f8
-
SHA256
373a866fc4e99d8f4bce257c727b71b66b169e8eb149aae03982f30bc3a6d708
-
SHA512
acb3590b49b6a860552925497179813f2e1fef3238e0fe914ddd5926f0dc372fff1f786d5f983ceb1865614de6927a9e7e1e73133461e8efda21d2d451b75bb7
-
SSDEEP
12288:Ky90PgZSONOijP/RYh+Ehqg31DXl7bHx4/DIZYV26BNA9VSAFWmVKFaj/t:KyigwOwUvU1DXl72jBN9AFCu/t
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1