General
-
Target
8118956954cd4c55aec70898805a5ec8df3d95dee51478129e34b249856f9d36
-
Size
1.1MB
-
Sample
241122-bt2pbaxnak
-
MD5
61b01d32cff96028325c3796a83ec98f
-
SHA1
160e8ae834d9a3a2f8b63b7bf2e27efeba7e47b0
-
SHA256
8118956954cd4c55aec70898805a5ec8df3d95dee51478129e34b249856f9d36
-
SHA512
99f3ed9889b2b5c2b7e3fe8dd9585a09930852a5498b54c555ecab8feeeec3785d48ae276c7327eb72a251534adbe83cb57944a21a671599c008a89a915c8fb6
-
SSDEEP
24576:KyrHaRryJ1kVpZgkPRFioaBuGbcE0T/SwwxLyomI4T:RTaRrsqPhaBFbxo/Zwx/+
Malware Config
Targets
-
-
Target
8118956954cd4c55aec70898805a5ec8df3d95dee51478129e34b249856f9d36
-
Size
1.1MB
-
MD5
61b01d32cff96028325c3796a83ec98f
-
SHA1
160e8ae834d9a3a2f8b63b7bf2e27efeba7e47b0
-
SHA256
8118956954cd4c55aec70898805a5ec8df3d95dee51478129e34b249856f9d36
-
SHA512
99f3ed9889b2b5c2b7e3fe8dd9585a09930852a5498b54c555ecab8feeeec3785d48ae276c7327eb72a251534adbe83cb57944a21a671599c008a89a915c8fb6
-
SSDEEP
24576:KyrHaRryJ1kVpZgkPRFioaBuGbcE0T/SwwxLyomI4T:RTaRrsqPhaBFbxo/Zwx/+
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1