General
-
Target
432ba4a90558d2d03e4471b7c83d7fdc4255d61116cb854cb977877f7c591662
-
Size
704KB
-
Sample
241118-y57e9strgz
-
MD5
02808a985a1d2b1e9df1f01c927389ec
-
SHA1
a1694f943957b90c65ac31573611c9ef1d34f914
-
SHA256
432ba4a90558d2d03e4471b7c83d7fdc4255d61116cb854cb977877f7c591662
-
SHA512
f9ebde954e185542a387b75d2409d26cc4d2164ebd9ac75dd9e00a774338b274647365f28f5c56de189005aaf17d5ce8f46925b16b9e6a9c203308919e8428cc
-
SSDEEP
12288:6y90uMjQDJZxQOHmnYKXuNVR7S7l0wTvBoTAKeq714ETSCo2A:6ynzxQOGnbu7RO7lVlsAKeq7KlGA
Malware Config
Targets
-
-
Target
432ba4a90558d2d03e4471b7c83d7fdc4255d61116cb854cb977877f7c591662
-
Size
704KB
-
MD5
02808a985a1d2b1e9df1f01c927389ec
-
SHA1
a1694f943957b90c65ac31573611c9ef1d34f914
-
SHA256
432ba4a90558d2d03e4471b7c83d7fdc4255d61116cb854cb977877f7c591662
-
SHA512
f9ebde954e185542a387b75d2409d26cc4d2164ebd9ac75dd9e00a774338b274647365f28f5c56de189005aaf17d5ce8f46925b16b9e6a9c203308919e8428cc
-
SSDEEP
12288:6y90uMjQDJZxQOHmnYKXuNVR7S7l0wTvBoTAKeq714ETSCo2A:6ynzxQOGnbu7RO7lVlsAKeq7KlGA
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1