General

Target: 4f76e1d29a988ab7532225e6b8111bae0ba32af1c5337aaf23a281e522978ec1.exe
Size: 623KB
Sample: 241118-slggvaypbx
MD5: c1df03b8d35c1f261f4875b1a341ddf5
SHA1: 00385470fe67c46066ae47aefadb76377eeac569
SHA256: 4f76e1d29a988ab7532225e6b8111bae0ba32af1c5337aaf23a281e522978ec1
SHA512: 5787e2aae129fcdcf96dae90411611e9c7b36425e99d4be80c724ce97257d576556660f12420f9594a4e55c24f2b5676f3cf24840837f3ada8235b60eb9ede6a
SSDEEP: 12288:yy90u234+n6UrrtOTVAcrYw8U0t++oyQDdtFasqDoApm:yyS4ylrWMNt7oylsqDoIm

Static task: static1
Behavioral task: behavioral1
Sample: 4f76e1d29a988ab7532225e6b8111bae0ba32af1c5337aaf23a281e522978ec1.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)