General
- Target: 454c954a569e50f8f9c5fba73864589ace400faaf76847a33af8f8d23caa17f8
- Size: 569KB
- Sample: 241123-1rz55sykgw
- MD5: b75bf00bad8660c367459cb100fe63c5
- SHA1: 31a0a73e659d5aafde62940cf12ade97b9b80f4d
- SHA256: 454c954a569e50f8f9c5fba73864589ace400faaf76847a33af8f8d23caa17f8
- SHA512: 21ba703bd734fe4dd27be2cc09822455fc92f5c83047b6cdbd5d045875cfd3a19d18f8630f0cc7e071bcb3547332fd13c3656aebe38bfc63c0e2ff16f8ec8005
- SSDEEP: 12288:jy90M4yrYuJoV+C9B6ZhWLoAwyUK+kR6zqFeY2XnYvymHwx:jycyRJK+C9DwyvRrF6nYvm
Static task: static1
Behavioral task: behavioral1
Sample: 454c954a569e50f8f9c5fba73864589ace400faaf76847a33af8f8d23caa17f8.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 454c954a569e50f8f9c5fba73864589ace400faaf76847a33af8f8d23caa17f8
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)