General
-
Target
2c9594e855ef6761880e611b889ccdc1ab06f0d170a779e834bdecddff3b5149
-
Size
702KB
-
Sample
241110-3rf4da1jgq
-
MD5
8c783f2b9854db5425893c2a2c76a442
-
SHA1
51a7dc23418562d3a0d86a3f4c097d4c4c5790a3
-
SHA256
2c9594e855ef6761880e611b889ccdc1ab06f0d170a779e834bdecddff3b5149
-
SHA512
49c582b33789062eea9f4dcd52589aab4bed3384ca25c1fcce730c08cc15d95aabcb2a4debc6a2df4708ad51a8b7d121de642ec5740dbe8b0d0521721b403cbc
-
SSDEEP
12288:Yy90mfIs0Opa/uRhbNMaxDcvJJ6phwA4Ffn1B7udpJYUAcp+Cmp:YyNfnja/uRnxABJSU9RKA9p
Malware Config
Targets
-
-
Target
2c9594e855ef6761880e611b889ccdc1ab06f0d170a779e834bdecddff3b5149
-
Size
702KB
-
MD5
8c783f2b9854db5425893c2a2c76a442
-
SHA1
51a7dc23418562d3a0d86a3f4c097d4c4c5790a3
-
SHA256
2c9594e855ef6761880e611b889ccdc1ab06f0d170a779e834bdecddff3b5149
-
SHA512
49c582b33789062eea9f4dcd52589aab4bed3384ca25c1fcce730c08cc15d95aabcb2a4debc6a2df4708ad51a8b7d121de642ec5740dbe8b0d0521721b403cbc
-
SSDEEP
12288:Yy90mfIs0Opa/uRhbNMaxDcvJJ6phwA4Ffn1B7udpJYUAcp+Cmp:YyNfnja/uRnxABJSU9RKA9p
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1