General
Target: 0517c023134c48d7d221cd76795dec2269d9dbcbfc322bb5f953bd406028f88a
Size: 697KB
Sample: 241104-re4hcsznhz
MD5: 53643b0864c9c96f0984db0f22922a18
SHA1: 2a29bfd1cdb4e5204737afaac806803fd6da749b
SHA256: 0517c023134c48d7d221cd76795dec2269d9dbcbfc322bb5f953bd406028f88a
SHA512: fd234fd96da35a3738bef37884ba050c559822d8107888ee9edd6be39b946c1cff6a64448232d086fd2e8394ea11b2c08d21b427753b3e909ca4f947a224691b
SSDEEP: 12288:ay90j8ONnFHX4mLoe3hN9R5eCGM5nQd0ZH2Y7zkLKBBHgK45qr8Dgj7D1di2zB25:ayKNnF3ZLd3rLoHMFQd0h2YkKBAK45MW
Static task: static1
Behavioral task: behavioral1
Sample: 0517c023134c48d7d221cd76795dec2269d9dbcbfc322bb5f953bd406028f88a.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 0517c023134c48d7d221cd76795dec2269d9dbcbfc322bb5f953bd406028f88a
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)