General
Target: 8baa7d14f449283d086abaf55759064502ccd08ffc32a38e3c12333346456ba8
Size: 568KB
Sample: 241104-qdhzlazhpk
MD5: 4ff7067e03837833987de8672c61d3b8
SHA1: 66df8e9d19b2ee8305e0c5d658cf240802b6c42a
SHA256: 8baa7d14f449283d086abaf55759064502ccd08ffc32a38e3c12333346456ba8
SHA512: c792103365aae48d8f2bcdf8544347e0efe0d5790542bed2817a505b82e4f257391c1a4d54e8a2befbb5cb8d2f13612e759bab47b0152197121199fe4fcce70c
SSDEEP: 12288:py90NhLOnu4OJAlU//msr6iYtOpli3deIIHNPBzsYI:pycFIu4OJAlO/bYt+YdaHNeH
Static task: static1
Behavioral task: behavioral1
Sample: 8baa7d14f449283d086abaf55759064502ccd08ffc32a38e3c12333346456ba8.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 8baa7d14f449283d086abaf55759064502ccd08ffc32a38e3c12333346456ba8
Size: 568KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP for this target are identical to the values listed under General.)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)