General
-
Target
a7f3b399002ea862e125f3f01cca8a0b6e4affcb2401b21eae1a5f6f46ecdf62
-
Size
568KB
-
Sample
241122-degfyasrgv
-
MD5
3d0eb17ada7b2504a4eac0aa3040ba36
-
SHA1
a70b2182940bbb55700a53ea189c2c05b1b76080
-
SHA256
a7f3b399002ea862e125f3f01cca8a0b6e4affcb2401b21eae1a5f6f46ecdf62
-
SHA512
c3c99778f53cc6015bf8373eef8bf93c2a9672e4ccd58e384fa620f31312b3a40e25b82c8fa14eccf26a2173d4c60b1b8f5c5d39189fb0b068c9fb005cd42259
-
SSDEEP
12288:/y90RKdRzmesXMDm+PlQ1OR68HO+/8EtKFjA3v/9DU31/Bca:/y/RmXM3NYGhpB3vhU31/Bca
Malware Config
Targets
-
-
Target
a7f3b399002ea862e125f3f01cca8a0b6e4affcb2401b21eae1a5f6f46ecdf62
-
Size
568KB
-
MD5
3d0eb17ada7b2504a4eac0aa3040ba36
-
SHA1
a70b2182940bbb55700a53ea189c2c05b1b76080
-
SHA256
a7f3b399002ea862e125f3f01cca8a0b6e4affcb2401b21eae1a5f6f46ecdf62
-
SHA512
c3c99778f53cc6015bf8373eef8bf93c2a9672e4ccd58e384fa620f31312b3a40e25b82c8fa14eccf26a2173d4c60b1b8f5c5d39189fb0b068c9fb005cd42259
-
SSDEEP
12288:/y90RKdRzmesXMDm+PlQ1OR68HO+/8EtKFjA3v/9DU31/Bca:/y/RmXM3NYGhpB3vhU31/Bca
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1