General
Target: 1b9c86493383cc839cefe8254522c20a41e8bcc49a12a4395ae5319e6a4fc530
Size: 695KB
Sample: 241111-c78v8azpcw
MD5: 8c48a8144856c18498a21da5dd0f781c
SHA1: fc907d0885d12a7efe14c2549a4f9e4e492e16c7
SHA256: 1b9c86493383cc839cefe8254522c20a41e8bcc49a12a4395ae5319e6a4fc530
SHA512: d240e20e890b73c36a4d28561cb50d152b7c67c5789494473fbb223e2fd381538a66e5b0376dc26ec68580c28a2cc4994fe89b1714b8d4a0e1006bd05513636d
SSDEEP: 12288:By90qIwA1EmjBUJW083VDnkhG2kXT7Dz2arx0BfaCsf:BygwAfjZdVx/pKcCsf

Static task: static1
Behavioral task: behavioral1
Sample: 1b9c86493383cc839cefe8254522c20a41e8bcc49a12a4395ae5319e6a4fc530.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)