General
-
Target
57eda30942d963c9ae7ec19dfd3e4398a7ef7bad711d8bf415fd157b4aacd7aa
-
Size
943KB
-
Sample
241111-aej1aa1mfq
-
MD5
b19c934b8d660d50774f68bd0aa612a4
-
SHA1
8b766296561c3c8bd7f2d73558b221e8e2eab9d6
-
SHA256
57eda30942d963c9ae7ec19dfd3e4398a7ef7bad711d8bf415fd157b4aacd7aa
-
SHA512
ac9fa71dd96c40594940be39d5a4c9cf8ca998c64068aa031f41b85110b4f0f4af35d2638fe65638475db4196dd4e495eeddda683954c040d64476f698efc28f
-
SSDEEP
12288:xy90IU1oAx16rqtpvol+uF6arH0y8GGezkE2fB+4nkpcn7LZwRjz3fo+AcBwxtxa:xyICAT6Ot6ZFnrUybpzt2p7nkpU7m2w
Malware Config
Targets
-
-
Target
57eda30942d963c9ae7ec19dfd3e4398a7ef7bad711d8bf415fd157b4aacd7aa
-
Size
943KB
-
MD5
b19c934b8d660d50774f68bd0aa612a4
-
SHA1
8b766296561c3c8bd7f2d73558b221e8e2eab9d6
-
SHA256
57eda30942d963c9ae7ec19dfd3e4398a7ef7bad711d8bf415fd157b4aacd7aa
-
SHA512
ac9fa71dd96c40594940be39d5a4c9cf8ca998c64068aa031f41b85110b4f0f4af35d2638fe65638475db4196dd4e495eeddda683954c040d64476f698efc28f
-
SSDEEP
12288:xy90IU1oAx16rqtpvol+uF6arH0y8GGezkE2fB+4nkpcn7LZwRjz3fo+AcBwxtxa:xyICAT6Ot6ZFnrUybpzt2p7nkpU7m2w
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1