General
- Target: 4bc85699c990cd71e0897a1ea80e8448a5dc67caa912d9696fc5942758649ab3
- Size: 694KB
- Sample: 241111-bx56xaspfm
- MD5: 7c1eda7a16815c80c4f5605ed16d5062
- SHA1: 7f9a74caa1019f48a72f9a1fa67983affe833ce8
- SHA256: 4bc85699c990cd71e0897a1ea80e8448a5dc67caa912d9696fc5942758649ab3
- SHA512: fee21af416c55c9009385cdcc60f53363c51fa2bdec14252420c9cbc76cef0daa5256ca25f7120c843e360ee68eb5ac1b2af3474a38ec96b52185da6892f5e48
- SSDEEP: 12288:ky90bJjlHjqgC/r1OX5tn1cOyUm5Krzv6ILfZHVN375/eWEvf1gUzm:kymJjlDnC/r1OXf1n4azTDLN375GW49i
Static task: static1
Behavioral task: behavioral1
Sample: 4bc85699c990cd71e0897a1ea80e8448a5dc67caa912d9696fc5942758649ab3.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 4bc85699c990cd71e0897a1ea80e8448a5dc67caa912d9696fc5942758649ab3
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)