General
Target: 1d52b7a8f57f98480d1aaaeff720b142b76862bd290160a88c6c666fb9727a30
Size: 930KB
Sample: 241121-y39gva1mhl
MD5: 1bc2c34b846c51d3d9efc5a46d930f03
SHA1: 3179920414b803d7410b4d6fc616db70a63e0399
SHA256: 1d52b7a8f57f98480d1aaaeff720b142b76862bd290160a88c6c666fb9727a30
SHA512: 241751a6dc71a7bb253a56dd74d342d1be85a8551ccb7fdf08dff285aff8b78c2c065cc1168bd21b30200987b29a8b92c7d7b180aba8a6773882678a9a6fd526
SSDEEP: 12288:+y90LcDwSIuQKOppkwxgrCCF/yUXUkm6V1FeL32YOUo8H7vbTeXFeH3ZuGmQ:+ysBSI7dFC/ykmwFjCCzM
Static task: static1
Behavioral task: behavioral1
Sample: 1d52b7a8f57f98480d1aaaeff720b142b76862bd290160a88c6c666fb9727a30.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 1d52b7a8f57f98480d1aaaeff720b142b76862bd290160a88c6c666fb9727a30
Size: 930KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence:
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)