General
-
Target
20534b3ed99dc4cee3d3af16ff2463e57c39a176d28ff4d7581539b485a3bc2c
-
Size
414KB
-
Sample
241120-zmat1stemj
-
MD5
35e90dbe161f241c70da51698db44dae
-
SHA1
02f402480482d2b7aad7a50af7f8e6d06811346c
-
SHA256
20534b3ed99dc4cee3d3af16ff2463e57c39a176d28ff4d7581539b485a3bc2c
-
SHA512
b9a30ec63db894504d0e917c1ff2f6faa2acfffc013e038fa559aac1813fcd35085f9911fefb676488d2ea892f1485437de1585d82d39a70a716cc3e11e93874
-
SSDEEP
12288:0y90XGt2QrKV9OLf5FRzXZtRhvCHc2DRf9LP:0yh2YK/OLfNFhIdRP
Static task
static1
Behavioral task
behavioral1
Sample
20534b3ed99dc4cee3d3af16ff2463e57c39a176d28ff4d7581539b485a3bc2c.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
20534b3ed99dc4cee3d3af16ff2463e57c39a176d28ff4d7581539b485a3bc2c
-
Size
414KB
-
MD5
35e90dbe161f241c70da51698db44dae
-
SHA1
02f402480482d2b7aad7a50af7f8e6d06811346c
-
SHA256
20534b3ed99dc4cee3d3af16ff2463e57c39a176d28ff4d7581539b485a3bc2c
-
SHA512
b9a30ec63db894504d0e917c1ff2f6faa2acfffc013e038fa559aac1813fcd35085f9911fefb676488d2ea892f1485437de1585d82d39a70a716cc3e11e93874
-
SSDEEP
12288:0y90XGt2QrKV9OLf5FRzXZtRhvCHc2DRf9LP:0yh2YK/OLfNFhIdRP
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1