General
-
Target
baff089ac037785d7a55f991959341ce5584f25d2683895e9fe3c4d6659e9195.exe
-
Size
408KB
-
Sample
241119-rzv2qasjhn
-
MD5
d00dc141985964096e9e435e7091a763
-
SHA1
083b218e3e5ecb9324059171aae5ee0b88d9e615
-
SHA256
baff089ac037785d7a55f991959341ce5584f25d2683895e9fe3c4d6659e9195
-
SHA512
aa34e2701dc4c02db8f5a7328c1a8c3acda9cd334af409a85638f561d07c242b2f15cce2ef1287acaf9d924eeb41d55935acb539346f74f1e9d0a58918b9cf00
-
SSDEEP
6144:pgNp0yN90QEC7Jpa5RmtlnMTPQFA0c/jSHQDopBbpy/ej+sGNiIZfjXBYLD:WIy90kfgQlMQtc/jspbbol+I17BYLD
Malware Config
Targets
-
-
Target
baff089ac037785d7a55f991959341ce5584f25d2683895e9fe3c4d6659e9195.exe
-
Size
408KB
-
MD5
d00dc141985964096e9e435e7091a763
-
SHA1
083b218e3e5ecb9324059171aae5ee0b88d9e615
-
SHA256
baff089ac037785d7a55f991959341ce5584f25d2683895e9fe3c4d6659e9195
-
SHA512
aa34e2701dc4c02db8f5a7328c1a8c3acda9cd334af409a85638f561d07c242b2f15cce2ef1287acaf9d924eeb41d55935acb539346f74f1e9d0a58918b9cf00
-
SSDEEP
6144:pgNp0yN90QEC7Jpa5RmtlnMTPQFA0c/jSHQDopBbpy/ej+sGNiIZfjXBYLD:WIy90kfgQlMQtc/jspbbol+I17BYLD
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1