General
Target: 0a12539bfc8f57d283ca7f227ef918228bc0afb342726892903fb6d5b4e4df56
Size: 611KB
Sample: 241111-b175nsynhv
MD5: e9e19db0e018ceb578c2f0391d0eef62
SHA1: dc1f625b24f054f4541d59e3a6ab961bb6e25e2a
SHA256: 0a12539bfc8f57d283ca7f227ef918228bc0afb342726892903fb6d5b4e4df56
SHA512: 228cb6fc3e22ed99765cc1914e858b4fda1c8c316c855d09b8bd265085fc15923dc5e10d661637245e6408bffc99019c57a33748ab683d0b6e7507f9488f87b8
SSDEEP: 12288:jy90h+IqYVYk8jDlOf6O9LCutAXCdJpZRl8j40Wi:jys++Va/Mf6EDAXiJpZD8jT
Static task: static1
Behavioral task: behavioral1
Sample: 0a12539bfc8f57d283ca7f227ef918228bc0afb342726892903fb6d5b4e4df56.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 0a12539bfc8f57d283ca7f227ef918228bc0afb342726892903fb6d5b4e4df56
Size: 611KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above (single-file sample, one target).
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
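The report records that the sample adds a Run key and maps that behaviour to Registry Run Keys / Startup Folder. The script below is an added example, not part of the sandbox report and not code from any tool it references: it parses a registry export of the kind `reg export` produces and flags Run/RunOnce values whose image lives in a user-writable directory or borrows the name of a Windows system binary, which is the check a responder would run on a suspect host. The .reg text, user name, value names and paths embedded in it are constructed for illustration and were not observed from this sample.

```python
"""Triage Run-key persistence entries from an exported registry hive.

Added example (not from the sandbox report). The SAMPLE_REG text below is
constructed; nothing in it comes from the analysed sample.
"""
import re
import sys
from dataclasses import dataclass, field

# Constructed sample: the shape of `reg export` output for the HKCU and HKLM
# Run keys. Value names and paths are invented for the example.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"Loader"="C:\\ProgramData\\svc\\loader.exe"
"""

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# "name"="data" lines; the name may contain escaped quotes.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

# Directories a regular installer has no business autostarting from.
# Coarse heuristic: AppData\Local itself is not listed because many legitimate
# per-user apps (OneDrive, Teams, ...) live there.
SUSPICIOUS_DIRS = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\programdata\\",
    "\\users\\public\\",
    "\\downloads\\",
    "\\temp\\",
)
# Names malware borrows as decoys; the real binaries live under \Windows\.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}


@dataclass
class Finding:
    key: str
    name: str
    image: str
    reasons: list = field(default_factory=list)


def _unescape(s):
    """Undo .reg string escaping: \\" -> " and \\\\ -> \\."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def _image_path(command):
    """Pull the executable path out of a Run value's command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|dll|scr|bat|cmd|vbs|js|ps1))(?:\s|$)", command, re.I)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def parse_run_values(reg_text):
    """Yield (key, value name, command) for string values under Run/RunOnce keys."""
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if current_key is None or not RUN_KEY_RE.search(current_key):
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        data = m.group("data")
        if not (data.startswith('"') and data.endswith('"')):
            continue  # hex:/dword: encoded values are not plain strings; skipped here
        yield current_key, _unescape(m.group("name")), _unescape(data[1:-1])


def triage_run_keys(reg_text):
    """Return a Finding for every autostart entry matching a suspicious pattern."""
    findings = []
    for key, name, command in parse_run_values(reg_text):
        image = _image_path(command)
        low = image.lower().replace("/", "\\")
        reasons = []
        for d in SUSPICIOUS_DIRS:
            if d in low:
                reasons.append(f"image under user-writable directory {d}")
                break
        base = low.rsplit("\\", 1)[-1]
        if base in SYSTEM_NAMES and "\\windows\\" not in low:
            reasons.append(f"system binary name {base} outside \\Windows\\")
        if reasons:
            findings.append(Finding(key, name, image, reasons))
    return findings


if __name__ == "__main__":
    # `reg export` writes UTF-16LE with a BOM, hence encoding="utf-16" for real files.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG
    for f in triage_run_keys(text):
        print(f"{f.key}\\{f.name} -> {f.image}: {'; '.join(f.reasons)}")
```

On the constructed data the two legitimate entries pass and the two decoys are reported, one for living in AppData\Roaming under a borrowed `svchost.exe` name and one for autostarting out of ProgramData. Pair the output with a file-hash lookup against the report's IOCs before acting on it; the directory heuristic alone will also fire on some portable software.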