General
Target: 2ee7107aff37141a2fbe78fb64d34b0a883167758cce55224adf096d81d88413
Size: 1.1MB
Sample: 241110-1nbndawbmj
MD5: 4364200a145a155b9c71e6789bd55970
SHA1: ad7da9f765b39ef8b48815166ab2bf7f660129c5
SHA256: 2ee7107aff37141a2fbe78fb64d34b0a883167758cce55224adf096d81d88413
SHA512: ce05db9a2ded9d42ecf6d6a2f982222a35f1f0a1fabe1cf655ba505f7f0233870da450df3be9dc13409b9733d6416f22e47f49e6d72462cf9d896a4a811efe23
SSDEEP: 24576:DyAGs2XWBoA8b2oMiBmzyWiCGHkFyzlyfwicD4soZME443:WASazyYMP318
Static task: static1
Behavioral task: behavioral1
Sample: 2ee7107aff37141a2fbe78fb64d34b0a883167758cce55224adf096d81d88413.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 2ee7107aff37141a2fbe78fb64d34b0a883167758cce55224adf096d81d88413
Size: 1.1MB
MD5: 4364200a145a155b9c71e6789bd55970
SHA1: ad7da9f765b39ef8b48815166ab2bf7f660129c5
SHA256: 2ee7107aff37141a2fbe78fb64d34b0a883167758cce55224adf096d81d88413
SHA512: ce05db9a2ded9d42ecf6d6a2f982222a35f1f0a1fabe1cf655ba505f7f0233870da450df3be9dc13409b9733d6416f22e47f49e6d72462cf9d896a4a811efe23
SSDEEP: 24576:DyAGs2XWBoA8b2oMiBmzyWiCGHkFyzlyfwicD4soZME443:WASazyYMP318
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)