General

Target: b4abdf10768452a791abdbac2107b271a4f38ee897fe1a10ac4cbccaae8882f3
Size: 690KB
Sample: 241104-rh9hsatlhm
MD5: 8ecf7f11c0227cc8e7ea3924f803e616
SHA1: 28824b574f91e9803a8ff703cc9fa02328213ab9
SHA256: b4abdf10768452a791abdbac2107b271a4f38ee897fe1a10ac4cbccaae8882f3
SHA512: cd5b1969169af111c14fd40d3278286a315d22b75544e913376a674e00e112ff8fdfcabf14222badd0f5e4a64ff77c5a228182cd6300d934a39f3b31f13a6f4e
SSDEEP: 12288:hy90FBMuIq5tOCNd9SrcSRKIUxanqhhOi+0nev2BmBo8zxVLc:hyKMuIaff9SlIw8hO4e2BYVzxVLc

Static task: static1
Behavioral task: behavioral1
Sample: b4abdf10768452a791abdbac2107b271a4f38ee897fe1a10ac4cbccaae8882f3.exe
Resource: win10v2004-20241007-en
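To confirm that a file on hand is the sample this report describes, here is an added example (not part of the sandbox report and not a tool from the sandbox vendor) that hashes a file in a single pass and compares the digests with the values listed above. The function names and the chunked-reading approach are my own; SSDEEP is left out because hashlib does not implement it, and the decision to treat only a SHA-256 match as identity is a design choice, not something the report states.

```python
import hashlib
import sys
from typing import Dict, Iterable

# File hashes exactly as listed in the report above. SSDEEP is omitted because
# computing it needs the third-party ssdeep library rather than hashlib.
REPORT_INDICATORS: Dict[str, str] = {
    "md5": "8ecf7f11c0227cc8e7ea3924f803e616",
    "sha1": "28824b574f91e9803a8ff703cc9fa02328213ab9",
    "sha256": "b4abdf10768452a791abdbac2107b271a4f38ee897fe1a10ac4cbccaae8882f3",
    "sha512": "cd5b1969169af111c14fd40d3278286a315d22b75544e913376a674e00e112ff"
              "8fdfcabf14222badd0f5e4a64ff77c5a228182cd6300d934a39f3b31f13a6f4e",
}


def hash_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute every digest named in REPORT_INDICATORS in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORT_INDICATORS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file on disk in 1 MiB chunks so large samples are never read whole."""
    with open(path, "rb") as f:
        return hash_chunks(iter(lambda: f.read(chunk_size), b""))


def match_indicators(digests: Dict[str, str],
                     indicators: Dict[str, str] = REPORT_INDICATORS) -> Dict[str, str]:
    """Return the subset of digests equal to the report's values (case-insensitive)."""
    return {
        name: value
        for name, value in digests.items()
        if name in indicators and value.lower() == indicators[name].lower()
    }


def is_report_sample(digests: Dict[str, str]) -> bool:
    """Identity is decided on SHA-256 only (assumption made here). MD5 and SHA-1
    are kept for cross-referencing other feeds, not as the deciding criterion,
    because both have practical collision attacks."""
    return "sha256" in match_indicators(digests)


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-file>
    for path in sys.argv[1:]:
        digests = hash_file(path)
        matched = match_indicators(digests)
        verdict = "MATCH" if is_report_sample(digests) else "no match"
        print(f"{path}: {verdict}; matching digests: {sorted(matched) or 'none'}")
```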
Malware Config

Targets

Target: b4abdf10768452a791abdbac2107b271a4f38ee897fe1a10ac4cbccaae8882f3
Size: 690KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General.

- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1 signature): Registry Run Keys / Startup Folder (1 signature), T1547.001
- Create or Modify System Process (1 signature): Windows Service (1 signature), T1543.003
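The two persistence techniques in the table above, Run-key writes and service installation, are what a defender would hunt for on hosts. Below is an added example, not part of this report, of detection logic in Python run over constructed Sysmon Event ID 13 (registry value set) and System log Event ID 7045 (service installed) records. The event field layout, file and service names, and the severity rule (launch path in a user-writable directory raises severity) are my own assumptions and do not come from this report's behavioural data.

```python
import re
from dataclasses import dataclass
from typing import Any, Callable, Dict, Iterable, List, Optional

# Autostart registry locations covered by T1547.001. Sysmon reports HKCU paths
# under the user's SID (HKU\S-1-5-21-...), so the pattern is anchored on the
# Software\... suffix and ignores the hive prefix.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce|RunServices|RunServicesOnce|Policies\\Explorer\\Run)\\[^\\]+$",
    re.IGNORECASE,
)

# Directories an unprivileged process can write to. A persistence entry that
# launches something from here is more suspicious than one under System32.
# (Assumption for this example, not a rule taken from the report.)
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE
)


@dataclass
class Finding:
    technique: str   # ATT&CK technique ID
    name: str        # ATT&CK sub-technique name
    subject: str     # process that wrote the value, or the service name
    location: str    # registry value path or service name
    command: str     # what gets launched at boot or logon
    severity: str


def classify_registry_write(ev: Dict[str, Any]) -> Optional[Finding]:
    """Sysmon Event ID 13 (RegistryEvent, value set)."""
    target = str(ev.get("TargetObject", ""))
    if not RUN_KEY_RE.search(target):
        return None
    details = str(ev.get("Details", ""))
    severity = "high" if USER_WRITABLE_RE.search(details) else "medium"
    return Finding("T1547.001", "Registry Run Keys / Startup Folder",
                   str(ev.get("Image", "")), target, details, severity)


def classify_service_install(ev: Dict[str, Any]) -> Optional[Finding]:
    """System log Event ID 7045 (a new service was installed)."""
    path = str(ev.get("ImagePath", ""))
    name = str(ev.get("ServiceName", ""))
    severity = "high" if USER_WRITABLE_RE.search(path) else "low"
    return Finding("T1543.003", "Windows Service", name, name, path, severity)


HANDLERS: Dict[int, Callable[[Dict[str, Any]], Optional[Finding]]] = {
    13: classify_registry_write,
    7045: classify_service_install,
}


def scan(events: Iterable[Dict[str, Any]]) -> List[Finding]:
    """Route each event to the handler for its ID and collect the findings."""
    findings: List[Finding] = []
    for ev in events:
        handler = HANDLERS.get(ev.get("EventID"))
        if handler is None:
            continue
        finding = handler(ev)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample events (hypothetical names and paths, not from this report).
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"EventID": 13, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": r"C:\Users\user\AppData\Roaming\update.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 7045, "ServiceName": "svchelper",
     "ImagePath": r"C:\ProgramData\svchelper.exe", "StartType": "auto start"},
    {"EventID": 7045, "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe", "StartType": "auto start"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"},
]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity:6}] {f.technique} {f.name}: {f.location} -> {f.command}")
```

The benign Hidden-files value write and the Spooler service are included so the output shows the difference between "Run key touched" and "Run key pointing at a user-writable path": only the latter, and the service installed from ProgramData, come out as high severity.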