General
-
Target
49231192b2e4a251812a7aa13b62d5a26d26f733967fcdcb0db8dc764ff63c5e
-
Size
702KB
-
Sample
241110-16lw3awkgx
-
MD5
81cf4c4050b2e5f0a298b22cce67a710
-
SHA1
04109f83f3d4feee6ff3d17114e46a8275a487ac
-
SHA256
49231192b2e4a251812a7aa13b62d5a26d26f733967fcdcb0db8dc764ff63c5e
-
SHA512
d4d424fbd93384be465664f64e699c8fc41340fd63ffbad336298e568f7013bf122d98d5ab897907045806920433dbec60d2c11416edb60bb4b753dc278758a6
-
SSDEEP
12288:hy90nYlzttXKoKIRB1eZtlHmvrGJ2phfFhFfn1BTudRJ9UfYU2C:hyBClIRmtlmvKJux9xLfYU5
Malware Config
Targets
-
-
Target
49231192b2e4a251812a7aa13b62d5a26d26f733967fcdcb0db8dc764ff63c5e
-
Size
702KB
-
MD5
81cf4c4050b2e5f0a298b22cce67a710
-
SHA1
04109f83f3d4feee6ff3d17114e46a8275a487ac
-
SHA256
49231192b2e4a251812a7aa13b62d5a26d26f733967fcdcb0db8dc764ff63c5e
-
SHA512
d4d424fbd93384be465664f64e699c8fc41340fd63ffbad336298e568f7013bf122d98d5ab897907045806920433dbec60d2c11416edb60bb4b753dc278758a6
-
SSDEEP
12288:hy90nYlzttXKoKIRB1eZtlHmvrGJ2phfFhFfn1BTudRJ9UfYU2C:hyBClIRmtlmvKJux9xLfYU5
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1