General
Target: 4d992d4ccbc8d7941e324be9808eb457a00b9a2177865b2c0b1b202357baeaab
Size: 749KB
Sample: 241110-2bv2xszlgl
MD5: 3298baaf2b9ae3bc15362680f299c37d
SHA1: 8473b98efd5777751448fc13b297411a6c5b1213
SHA256: 4d992d4ccbc8d7941e324be9808eb457a00b9a2177865b2c0b1b202357baeaab
SHA512: 76bc987ca60d41ec20cfe75bd3da5896a7ac8490bedf586a3d51a452efe9e5f8f96920ee88e13fea42f81439c63b0ae5b432bb1748f505c3a4b7814010c7a5b3
SSDEEP: 12288:Zy900NvPMCzuqaW2bopu4DMntPMEG5deo9Jmau1BxtNokemBa3KPaaJ2kLzm0:ZyxtECB2spu04kBrJAXza3KPaS2kLzT
Static task: static1
Behavioral task: behavioral1
Sample: 4d992d4ccbc8d7941e324be9808eb457a00b9a2177865b2c0b1b202357baeaab.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)