General
- Target: 2fa23fe74d8db262a3dfbd54895f3704eb81f9c53c8748f82ec72eda368c6adc
- Size: 479KB
- Sample: 241104-qcr6wazdqg
- MD5: 905d56a1faa52089369e7d36dc43f2ab
- SHA1: 4a0d9e22642e4457bf9b51e3701e90b4554d37a5
- SHA256: 2fa23fe74d8db262a3dfbd54895f3704eb81f9c53c8748f82ec72eda368c6adc
- SHA512: 1ee4a7f85df60896d9a6065fdab6eb392cb8ddddd0b3fbc663111a57606b1fde3ad9f9feb74575133d0ecbfc1a805b676487699ffb2fc53d1d4a2077e46a9e27
- SSDEEP: 12288:vMrwy90wRs0n5c1u31UTrO26Qb8te6J4TnVCxDn7hQ3dLV2:3yRCaX2TS2N8te6Jl78LA
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 2fa23fe74d8db262a3dfbd54895f3704eb81f9c53c8748f82ec72eda368c6adc.exe
- Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: 2fa23fe74d8db262a3dfbd54895f3704eb81f9c53c8748f82ec72eda368c6adc
- Size: 479KB
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)