General
-
Target
5405d61abfb5d7fc8c824db9176baa33af07f2898190aa227352c874cab584b3
-
Size
746KB
-
Sample
241110-1g4etawajq
-
MD5
10093559c65733ade8b9e3133061e26e
-
SHA1
5c727656f24d2ff8ada68f4c3519e82a64936dd0
-
SHA256
5405d61abfb5d7fc8c824db9176baa33af07f2898190aa227352c874cab584b3
-
SHA512
3070e9b5043bb21504425071b393a943baf31218483ffd47c39157abef7c209cd84e08d558616c64666920d6b4c821611972a2b392ddb5422ed0dbcccf76a66b
-
SSDEEP
12288:Wy90Mw8ckTqUeun1mJNKB5CeV2m1un639zhBtcXx+SbM1wMN:Wy0MnE/KjGm1uM5cXAS4wMN
Static task
static1
Behavioral task
behavioral1
Sample
5405d61abfb5d7fc8c824db9176baa33af07f2898190aa227352c874cab584b3.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
5405d61abfb5d7fc8c824db9176baa33af07f2898190aa227352c874cab584b3
-
Size
746KB
-
MD5
10093559c65733ade8b9e3133061e26e
-
SHA1
5c727656f24d2ff8ada68f4c3519e82a64936dd0
-
SHA256
5405d61abfb5d7fc8c824db9176baa33af07f2898190aa227352c874cab584b3
-
SHA512
3070e9b5043bb21504425071b393a943baf31218483ffd47c39157abef7c209cd84e08d558616c64666920d6b4c821611972a2b392ddb5422ed0dbcccf76a66b
-
SSDEEP
12288:Wy90Mw8ckTqUeun1mJNKB5CeV2m1un639zhBtcXx+SbM1wMN:Wy0MnE/KjGm1uM5cXAS4wMN
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)