General
Target: 8ed5287a117b28588a59e919c71ae6feb187c16ae5ac6b4e9706213cf195366f
Size: 558KB
Sample: 241111-b51ldszfkc
MD5: d59ca0005b5685c03eaa430952dec64d
SHA1: d0983d6d1070308394b73291ad53ba9e22622f82
SHA256: 8ed5287a117b28588a59e919c71ae6feb187c16ae5ac6b4e9706213cf195366f
SHA512: de80814daa9f08afbc648a16e4c01d5440313138281998f9fc9ab6d67b80b4332dfb2192bd36e6cd1da1d82b723c41774f6cc1030198753dfecf67c3296953ac
SSDEEP: 12288:gy90E+REWIbD9tCvtgy7N1fB706Kpc/EZQcWXNQ1ZRf:gyt+KWIbyF1pQ6KpIEZtrf
Static task: static1
Behavioral task: behavioral1
Sample: 8ed5287a117b28588a59e919c71ae6feb187c16ae5ac6b4e9706213cf195366f.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 8ed5287a117b28588a59e919c71ae6feb187c16ae5ac6b4e9706213cf195366f
Size: 558KB
MD5: d59ca0005b5685c03eaa430952dec64d
SHA1: d0983d6d1070308394b73291ad53ba9e22622f82
SHA256: 8ed5287a117b28588a59e919c71ae6feb187c16ae5ac6b4e9706213cf195366f
SHA512: de80814daa9f08afbc648a16e4c01d5440313138281998f9fc9ab6d67b80b4332dfb2192bd36e6cd1da1d82b723c41774f6cc1030198753dfecf67c3296953ac
SSDEEP: 12288:gy90E+REWIbD9tCvtgy7N1fB706Kpc/EZQcWXNQ1ZRf:gyt+KWIbyF1pQ6KpIEZtrf
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)