General
-
Target
a0bae8fe80d551af70d02824598590bb46396c551d3d4cd2be076163ba87fa61
-
Size
1.5MB
-
Sample
241110-1j445awdqd
-
MD5
4878591b5f1c9f3465061fa5aff8b2ae
-
SHA1
b40079e05f1b15d7d0541ab904cef5ff473cc3e7
-
SHA256
a0bae8fe80d551af70d02824598590bb46396c551d3d4cd2be076163ba87fa61
-
SHA512
a1596a353e2398809c6638e65bb156109057ec7d1fda27428a2f110c43d1254de98bd9f409d9dd18417c46983c3dba53ab81d51b377a69daf0742762f4cb447d
-
SSDEEP
24576:IyrRw9TqklmCZxv8Gq/9jHN8rW3Yy7grXmowsw8tZmXU6azrWCDGdc8N18R1Od:Pr0FDYVHN8rRFwsw856K1KdhW1
Malware Config
Targets
-
-
Target
a0bae8fe80d551af70d02824598590bb46396c551d3d4cd2be076163ba87fa61
-
Size
1.5MB
-
MD5
4878591b5f1c9f3465061fa5aff8b2ae
-
SHA1
b40079e05f1b15d7d0541ab904cef5ff473cc3e7
-
SHA256
a0bae8fe80d551af70d02824598590bb46396c551d3d4cd2be076163ba87fa61
-
SHA512
a1596a353e2398809c6638e65bb156109057ec7d1fda27428a2f110c43d1254de98bd9f409d9dd18417c46983c3dba53ab81d51b377a69daf0742762f4cb447d
-
SSDEEP
24576:IyrRw9TqklmCZxv8Gq/9jHN8rW3Yy7grXmowsw8tZmXU6azrWCDGdc8N18R1Od:Pr0FDYVHN8rRFwsw856K1KdhW1
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1