General
-
Target
ca4321e7c1d397ff1996c1ca11982e5c1ae209ab981643019483402bc864b318N.exe
-
Size
705KB
-
Sample
241125-t1bqksskej
-
MD5
d279263c474152958bc2612995d13bf0
-
SHA1
760bb4a1643e5e24f78d6c7146252bce2243c2b9
-
SHA256
ca4321e7c1d397ff1996c1ca11982e5c1ae209ab981643019483402bc864b318
-
SHA512
10c107640cb1444b65570e47bdb1bce0a0bd71ef3c18c9588df819b6adc1917f3350437a306a9e6717993515240d7c6ba1bd9c5494bfdfaa9ed0aa473f6cd1fd
-
SSDEEP
12288:gy90eyy+aHD45NtODfLKvD05Jm3npNnHNLItFGaeoqncVCGgL8IO1VAVQ1YSNgnu:gyElU4DYfmDt3npRWtFNqc6UVAlVo
Malware Config
Targets
-
-
Target
ca4321e7c1d397ff1996c1ca11982e5c1ae209ab981643019483402bc864b318N.exe
-
Size
705KB
-
MD5
d279263c474152958bc2612995d13bf0
-
SHA1
760bb4a1643e5e24f78d6c7146252bce2243c2b9
-
SHA256
ca4321e7c1d397ff1996c1ca11982e5c1ae209ab981643019483402bc864b318
-
SHA512
10c107640cb1444b65570e47bdb1bce0a0bd71ef3c18c9588df819b6adc1917f3350437a306a9e6717993515240d7c6ba1bd9c5494bfdfaa9ed0aa473f6cd1fd
-
SSDEEP
12288:gy90eyy+aHD45NtODfLKvD05Jm3npNnHNLItFGaeoqncVCGgL8IO1VAVQ1YSNgnu:gyElU4DYfmDt3npRWtFNqc6UVAlVo
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1