Overview

overview

10

Static

static

3

5255d88c1a...45.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5255d88c1ae12bdc720b0508a46ab4724bf695f0eda3b59f0cc9d2ea055cc445

  • Size

    563KB

  • Sample

    241111-b29d5azblk

  • MD5

    0231090a760a7ab2b52069ae303b3fe9

  • SHA1

    f564a09c770d4caa67adf69e5254a8514a0837ad

  • SHA256

    5255d88c1ae12bdc720b0508a46ab4724bf695f0eda3b59f0cc9d2ea055cc445

  • SHA512

    a1974030971ee003b7aa1af80b6e71b304b0cc7195181388f53119eeadc3a8cd3fb52944d67c3f464161e2549ac17bfe9aabc06a5f7aded0d3f22b335efbd538

  • SSDEEP

    12288:Oy90Q3rLxiaRTrvoxGPJZPoc5I97KCuBuv3:OyhrhrgxGPJZwcOhl3

Score
10/10
healerredlinediscoverydropperevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      5255d88c1ae12bdc720b0508a46ab4724bf695f0eda3b59f0cc9d2ea055cc445

    • Size

      563KB

    • MD5

      0231090a760a7ab2b52069ae303b3fe9

    • SHA1

      f564a09c770d4caa67adf69e5254a8514a0837ad

    • SHA256

      5255d88c1ae12bdc720b0508a46ab4724bf695f0eda3b59f0cc9d2ea055cc445

    • SHA512

      a1974030971ee003b7aa1af80b6e71b304b0cc7195181388f53119eeadc3a8cd3fb52944d67c3f464161e2549ac17bfe9aabc06a5f7aded0d3f22b335efbd538

    • SSDEEP

      12288:Oy90Q3rLxiaRTrvoxGPJZPoc5I97KCuBuv3:OyhrhrgxGPJZwcOhl3

    Score
    10/10
    healerredlinediscoverydropperevasioninfostealerpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Healer family

      healer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks