General
Target: b30d08eee16365cc24c0836ff457a9abae6ef007c6fd0fb12131495efa3f1d9f
Size: 332KB
Sample: 241110-2adq9axbkd
MD5: acbae9f0594094839498a9b936ba4a13
SHA1: 31403820648c47fe789999a42e9789f45c40d7dc
SHA256: b30d08eee16365cc24c0836ff457a9abae6ef007c6fd0fb12131495efa3f1d9f
SHA512: 64ec632ddabc010fa1cad3191e512c4920a3771b9cf84b3aa6ae1664104bcf348a653a6d90f7da60bbfe976d59fba4ad198a776e7989c4293169ddf20a90c8cd
SSDEEP: 6144:BNxDEcx2ObXX70CsY0gEKxkSBu3ygpcDkeOYiVx0KvQlAu6Bt0BZAzwx3IffVRFm:T2YXX70hSBpgkkexiL0EQlAu6w3A8s1m
Static task: static1
Behavioral task: behavioral1
Sample: 318ffcd348285d68b7a958dd80a30587ac4a0fe204b8808864256d8ce05d6925.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 318ffcd348285d68b7a958dd80a30587ac4a0fe204b8808864256d8ce05d6925.exe
Size: 376KB
MD5: fd988308edb84485e42f0e97670ef724
SHA1: cea9056fea10505b6c4817072f03255567171e1a
SHA256: 318ffcd348285d68b7a958dd80a30587ac4a0fe204b8808864256d8ce05d6925
SHA512: e3ebba12d8b8a9b3bbc618144bc0f039febfd85bcf429f9c0ab99408a974a9c8606d4f0e30ffcdfd19374bda97e531d64a6f63d5cfe77ce62cf9f3685446a6ad
SSDEEP: 6144:K9y+bnr+Cp0yN90QEtVddK1kFR83tdJDG4G6hMB9e4Ppel7xqF8xvE5Y:7Mruy90VdsqDK2n9eXl7xy8pz
Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
RedLine family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)