General
Target: e3e46af722c5be2b3bbcaa92c9d46a451b132dcc50e4f7be754b063017526211
Size: 566KB
Sample: 241104-q192lazhlf
MD5: 1af28c65d1ba53096934d2862056f660
SHA1: 42b6a69f60d6e8c662a5578cc5f8b491171f1556
SHA256: e3e46af722c5be2b3bbcaa92c9d46a451b132dcc50e4f7be754b063017526211
SHA512: 199bacbd2c976826c6f21ea82ca6f5c63d6a3afc7eeb3c779123cdcbfc39db67fc9ce5f783a7ab4c15c7426a41de20b8a7f3f8e431139255fc91365d964d0ca0
SSDEEP: 6144:Hqp0yN90QELOpixMvMrwTos3M5H18ay5umv5DId8d1cCNd/MTdszfXIbZiXdu4Aw:ry90gGMEns61uF5rdnSJszSZik8Y2
Static task: static1
Behavioral task: behavioral1
Sample: e3e46af722c5be2b3bbcaa92c9d46a451b132dcc50e4f7be754b063017526211.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)