General
- Target: 260496875b246963322753c0d259e320abee2974fe398171cdbb96e907a91a16
- Size: 568KB
- Sample: 241104-q7rhts1ajh
- MD5: ca7def6efcfc4bc4334ec39282f59a7d
- SHA1: 160f42d44433011f2123e8a37bd4acd83ccdb0b5
- SHA256: 260496875b246963322753c0d259e320abee2974fe398171cdbb96e907a91a16
- SHA512: 5d94d3dfe72ba41ef7db33544be6b30703e311ae4dd479ef1e7293f9d683298479b8e6288731dc578c8c8db48bf9dc190d0a7493c255e2878eb31e15b752d109
- SSDEEP: 12288:Uy900AZTxOo3ZoLNTJE/uxFBIriiEnOsO6bhOrWKIpG:UyfM+hC1EnHO6kKzG
- Static task: static1
- Behavioral task: behavioral1
- Sample: 260496875b246963322753c0d259e320abee2974fe398171cdbb96e907a91a16.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 260496875b246963322753c0d259e320abee2974fe398171cdbb96e907a91a16
- Size: 568KB
- MD5: ca7def6efcfc4bc4334ec39282f59a7d
- SHA1: 160f42d44433011f2123e8a37bd4acd83ccdb0b5
- SHA256: 260496875b246963322753c0d259e320abee2974fe398171cdbb96e907a91a16
- SHA512: 5d94d3dfe72ba41ef7db33544be6b30703e311ae4dd479ef1e7293f9d683298479b8e6288731dc578c8c8db48bf9dc190d0a7493c255e2878eb31e15b752d109
- SSDEEP: 12288:Uy900AZTxOo3ZoLNTJE/uxFBIriiEnOsO6bhOrWKIpG:UyfM+hC1EnHO6kKzG
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)