General
Target: 05055dd807a89f745803eff406594eab6e92dd0022f1c032d28a1bb8dc3fb7a8
Size: 806KB
Sample: 241110-1hqkcaynhj
MD5: 23f0f3226a067d9aee2159e6ed886811
SHA1: 5f62e0faa3c505d747da33574cb24de3f89dd8b7
SHA256: 05055dd807a89f745803eff406594eab6e92dd0022f1c032d28a1bb8dc3fb7a8
SHA512: 8f4d985b02b3d152cec6adae0f433ccaeb9a2d34aab2625ed213c0522856378e1cdacd8293700ab4a9e621b68d5d81d703dc7271c4e65b4c8b407901e0e0e627
SSDEEP: 12288:Py90NWMNxMBM7oeDb8jtAyqC1fBu4RDpcDbmQ3YIfQJwR/pHkzrdn:PyBw2BwYJ91pVRDpQbmoBQ24Rn
Static task: static1
Behavioral task: behavioral1
Sample: 05055dd807a89f745803eff406594eab6e92dd0022f1c032d28a1bb8dc3fb7a8.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 05055dd807a89f745803eff406594eab6e92dd0022f1c032d28a1bb8dc3fb7a8
Size: 806KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution, T1547 (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)
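The two behaviour signatures above ("Executes dropped EXE", "Adds Run key to start application") and the two Persistence techniques in the ATT&CK table are the parts of this report that translate directly into host detection logic. The following is an added example, not part of the sandbox report, showing how those behaviours are matched over Sysmon-style events (Event ID 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent SetValue). The event records are constructed for illustration; the file names, registry paths and SID in them are assumptions and are not observations from this sample.

```python
"""Detection logic for the behaviours this report flags ("Adds Run key to start
application", "Executes dropped EXE", and the Persistence techniques in the
ATT&CK table), run over Sysmon-style events.  Added example, not part of the
sandbox report; every event below is constructed for illustration, and the
file names, registry keys and SID in them are not from the sample."""
import re
from typing import Dict, List

# T1547.001 Registry Run Keys: a value written under a Run/RunOnce/RunOnceEx key
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunOnceEx)\\[^\\]+$", re.I)
# T1543.003 Windows Service: ImagePath of a service set or changed
SERVICE_IMAGEPATH_RE = re.compile(
    r"\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)
# Locations a dropper can write without elevation; autostart entries pointing
# here are far more suspicious than ones under Program Files
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)

Event = Dict[str, str]


def is_run_key(target_object: str) -> bool:
    """True when a Sysmon TargetObject names a value under a Run key."""
    return RUN_KEY_RE.search(target_object) is not None


def detect_registry_persistence(events: List[Event]) -> List[Dict[str, str]]:
    """Event ID 13 (RegistryEvent SetValue) hits on Run keys and service
    ImagePaths.  Severity is raised when the autostart target lives in a
    user-writable directory, which is how a dropped payload normally persists."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != "13":
            continue
        target, value = ev.get("TargetObject", ""), ev.get("Details", "")
        if is_run_key(target):
            technique, rule = "T1547.001", "run_key_persistence"
        elif SERVICE_IMAGEPATH_RE.search(target):
            technique, rule = "T1543.003", "service_imagepath_set"
        else:
            continue
        alerts.append({
            "technique": technique, "rule": rule,
            "severity": "high" if USER_WRITABLE_RE.search(value) else "low",
            "image": ev.get("Image", ""), "key": target, "value": value,
        })
    return alerts


def detect_dropped_exe_execution(events: List[Event]) -> List[Dict[str, str]]:
    """Rule "Executes dropped EXE": a FileCreate (Event ID 11) of an .exe by one
    process, followed later in the stream by a ProcessCreate (Event ID 1) whose
    Image is that same file.  Events must be in chronological order."""
    dropped: Dict[str, str] = {}   # lower-cased path -> process that wrote it
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == "11":
            path = ev.get("TargetFilename", "")
            if path.lower().endswith(".exe"):
                dropped[path.lower()] = ev.get("Image", "")
        elif eid == "1":
            image = ev.get("Image", "")
            dropper = dropped.get(image.lower())
            if dropper is not None:
                alerts.append({"rule": "executes_dropped_exe",
                               "dropper": dropper, "image": image,
                               "parent": ev.get("ParentImage", "")})
    return alerts


# Constructed events modelling the report's behaviour chain: the sample runs,
# drops a second executable into a temp directory, runs it, and that process
# registers itself under HKU\...\Run.  A benign installer Run key and a service
# ImagePath write are included to show the severity split.  All paths assumed.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": "1", "Image": r"C:\Users\user\Desktop\sample.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": "11", "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\dropped1.exe"},
    {"EventID": "1", "Image": r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\dropped1.exe",
     "ParentImage": r"C:\Users\user\Desktop\sample.exe"},
    {"EventID": "13", "Image": r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\dropped1.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\dropped1",
     "Details": r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\dropped1.exe"},
    {"EventID": "13", "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": "13", "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\svc1\ImagePath",
     "Details": r"C:\ProgramData\svc1\svc1.exe"},
    {"EventID": "11", "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Roaming\cfg.dat"},
]


if __name__ == "__main__":
    for alert in detect_registry_persistence(SAMPLE_EVENTS) + detect_dropped_exe_execution(SAMPLE_EVENTS):
        print(alert)
```

The dropped-EXE rule deliberately keys on the exact path written by Event ID 11 rather than on "any process started from Temp", so a renamed or copied file is not matched; pair it with the Run-key rule, whose severity split (user-writable target versus Program Files) is what separates the persistence seen here from an ordinary installer.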