General
Target: eb0388949bad1e43a54e4e7abb47948eb84d024c7042550990ea4d2e3c27b82f.exe
Size: 690KB
Sample: 241111-axhvyayclq
MD5: f6c2bc829f66a10e807a2a044548e2c8
SHA1: 0dbea9a109dd63cdb9764eae1cc6459edec190b2
SHA256: eb0388949bad1e43a54e4e7abb47948eb84d024c7042550990ea4d2e3c27b82f
SHA512: 2250b9da782977ee57dc42ad54f496080c3298948c47a870a3a64abb4225ab8bdc86b3ebc21b5b1093fcad8001a3f5ded776a51e06c5d8f6aea895d4ad1fec6d
SSDEEP: 12288:qy90pTPO5H6GZGeqKSjKUgz46ARJWG0+fA2FmB8JTkm:qyQOb+tgz4zRJR42FYwkm
Static task: static1
Behavioral task: behavioral1
Sample: eb0388949bad1e43a54e4e7abb47948eb84d024c7042550990ea4d2e3c27b82f.exe
Resource: win10v2004-20241007-en
Malware Config: (empty in this report)
Targets
Target: eb0388949bad1e43a54e4e7abb47948eb84d024c7042550990ea4d2e3c27b82f.exe
Size: 690KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
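The two behavioural signatures above ("Executes dropped EXE" and "Adds Run key to start application", the latter mapped to T1547.001) are what a sandbox derives from the process, file and registry telemetry of the run. The script below re-derives them from Sysmon-style events, as an added example that is not part of this report or of the sandbox's own rule set. The events are constructed: only the sample file name comes from the report; every path, process GUID, SID and Run value name is an assumption. The service-creation mapping (T1543.003) has no signature line in this extract and is not modelled here.

```python
"""Re-derive the report's two behavioural signatures from Sysmon-like events.

Added example; not the sandbox's own code. The EVENTS list is constructed
for illustration (only SAMPLE is taken from the report).
"""
import re

SAMPLE = "eb0388949bad1e43a54e4e7abb47948eb84d024c7042550990ea4d2e3c27b82f.exe"
SAMPLE_PATH = r"C:\Users\Admin\Desktop" + "\\" + SAMPLE   # assumed drop location
ROOT_GUID = "{guid-sample}"                                # assumed ProcessGuid

# Constructed events. EventID 1 = ProcessCreate, 11 = FileCreate,
# 13 = RegistryEvent/SetValue. Field names follow Sysmon; values are made up.
EVENTS = [
    {"EventID": 1, "ProcessGuid": ROOT_GUID, "ParentProcessGuid": "{guid-explorer}",
     "Image": SAMPLE_PATH},
    {"EventID": 11, "ProcessGuid": ROOT_GUID,
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\healer.exe"},
    {"EventID": 11, "ProcessGuid": ROOT_GUID,
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\stealer.exe"},
    {"EventID": 11, "ProcessGuid": ROOT_GUID,
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\config.bin"},
    # A dropped file is started; note the different letter case, which NTFS allows.
    {"EventID": 1, "ProcessGuid": "{guid-child}", "ParentProcessGuid": ROOT_GUID,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\HEALER.EXE"},
    # An unrelated process writes a Run value: must not be attributed to the sample.
    {"EventID": 1, "ProcessGuid": "{guid-other}", "ParentProcessGuid": "{guid-services}",
     "Image": r"C:\Program Files\Updater\updater.exe"},
    {"EventID": 13, "ProcessGuid": "{guid-other}",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Program Files\Updater\updater.exe"},
    # The sample's child persists through a per-user Run value.
    {"EventID": 13, "ProcessGuid": "{guid-child}",
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
     "Details": r"C:\Users\Admin\AppData\Local\Temp\stealer.exe"},
    # A registry write outside Run/RunOnce: not persistence under this rule.
    {"EventID": 13, "ProcessGuid": "{guid-child}",
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
]

# Matches a value set directly under ...\CurrentVersion\Run or \RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# ATT&CK technique for the signature, as in the report's mapping.
ATTACK = {"Adds Run key to start application": "T1547.001 Registry Run Keys / Startup Folder"}


def process_tree(events, root_guid):
    """GUIDs of the sample and all descendants, following ParentProcessGuid in
    event order (Sysmon logs ProcessCreate before the child does anything)."""
    tree = {root_guid}
    for ev in events:
        if ev["EventID"] == 1 and ev["ParentProcessGuid"] in tree:
            tree.add(ev["ProcessGuid"])
    return tree


def executed_dropped_exes(events, tree):
    """'Executes dropped EXE': a file written by the tree is later started by
    the tree. Paths are compared case-insensitively, as the filesystem does."""
    dropped, hits = set(), []
    for ev in events:
        if ev["EventID"] == 11 and ev["ProcessGuid"] in tree:
            dropped.add(ev["TargetFilename"].lower())
        elif (ev["EventID"] == 1 and ev["ProcessGuid"] in tree
              and ev["Image"].lower() in dropped):
            hits.append(ev["Image"])
    return hits


def run_key_additions(events, tree):
    """'Adds Run key to start application': SetValue under Run/RunOnce by the
    tree. Returns (value path, data) pairs; data is the autostart command."""
    return [(ev["TargetObject"], ev["Details"]) for ev in events
            if ev["EventID"] == 13 and ev["ProcessGuid"] in tree
            and RUN_KEY_RE.search(ev["TargetObject"])]


def signatures(events, root_guid):
    """Signature name -> supporting evidence, only for signatures that fired."""
    tree = process_tree(events, root_guid)
    out = {}
    if hits := executed_dropped_exes(events, tree):
        out["Executes dropped EXE"] = hits
    if keys := run_key_additions(events, tree):
        out["Adds Run key to start application"] = keys
    return out


if __name__ == "__main__":
    for name, evidence in signatures(EVENTS, ROOT_GUID).items():
        print(f"{name} [{ATTACK.get(name, 'no ATT&CK mapping')}]")
        for item in evidence:
            print("   ", item)
```

Two details matter when reproducing this against real telemetry: attribution is by process tree, not by image name, so the unrelated updater's Run value is correctly ignored, and path comparison is case-insensitive, so a dropper that re-launches its payload as `HEALER.EXE` still counts as executing the file it wrote as `healer.exe`.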