General

- Target: c010a07c3b5e632481978bb15f844b3323e3a5318683ad2bf2fd7a5a095d30a2
- Size: 703KB
- Sample: 241110-1x9lrswjbs
- MD5: 763bb681734156c87b3aac278f42a02d
- SHA1: e5f6b80e4fc38680aba07c1f873b16d35096d12d
- SHA256: c010a07c3b5e632481978bb15f844b3323e3a5318683ad2bf2fd7a5a095d30a2
- SHA512: 2d302cc725188e3665ecf17f664359049100d5250c255aebcad6b5e17687661531c786407ffdca402df1f348d3b3ff63f13c65aa6c32c8db7c44340f02f9b707
- SSDEEP: 12288:Jy90UnDAfzEKSPP82co51dXpKeaRyIWZmFYo7/7:JyjAI/PP2oTdZrkWZ27L7
- Static task: static1
- Behavioral task: behavioral1
  - Sample: c010a07c3b5e632481978bb15f844b3323e3a5318683ad2bf2fd7a5a095d30a2.exe
  - Resource: win10v2004-20241007-en
Malware Config

Targets

- Target: c010a07c3b5e632481978bb15f844b3323e3a5318683ad2bf2fd7a5a095d30a2 (size and hashes as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)