General
-
Target
be83fb72665165a3dce549202f819d06c8c0db665269acc13da25a230bcdf0bb
-
Size
1.0MB
-
Sample
241111-arl1eayela
-
MD5
ad1d6a6e66aaa86ae31d167cd0758a55
-
SHA1
2009b13d8a51a6a91e78d8059a8862be799e5279
-
SHA256
be83fb72665165a3dce549202f819d06c8c0db665269acc13da25a230bcdf0bb
-
SHA512
c705fe35c17aedac310947ed28ddc759442ae848609694af91e1b2e72aab3f550905525c6cb1acde2e17a0afedcaaf8842ab5e4e77c580d96606cc76f202c88d
-
SSDEEP
24576:7CAYkSvuevX2o0Kjm4BNQyv39+v19w6NpkH+RQ0R4owkPiyFG7HEK:jStvX2ozjm4HFv3M0ckH+RocjFG
Malware Config
Targets
-
-
Target
be83fb72665165a3dce549202f819d06c8c0db665269acc13da25a230bcdf0bb
-
Size
1.0MB
-
MD5
ad1d6a6e66aaa86ae31d167cd0758a55
-
SHA1
2009b13d8a51a6a91e78d8059a8862be799e5279
-
SHA256
be83fb72665165a3dce549202f819d06c8c0db665269acc13da25a230bcdf0bb
-
SHA512
c705fe35c17aedac310947ed28ddc759442ae848609694af91e1b2e72aab3f550905525c6cb1acde2e17a0afedcaaf8842ab5e4e77c580d96606cc76f202c88d
-
SSDEEP
24576:7CAYkSvuevX2o0Kjm4BNQyv39+v19w6NpkH+RQ0R4owkPiyFG7HEK:jStvX2ozjm4HFv3M0ckH+RocjFG
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1