General
Target: 2f7c20db50230436f32eb4256b48083ddcb3e81b5f7091113f16127f3e16d883
Size: 640KB
Sample: 241110-1279hawenl
MD5: 90dc60c1d5f85bafa57c765bcba7f746
SHA1: ddcebabda76231d4d42198f556ebaf32cf9ae9fc
SHA256: 2f7c20db50230436f32eb4256b48083ddcb3e81b5f7091113f16127f3e16d883
SHA512: ba216f81e1d1ec7622ba7e06e27f23d32a2fac6260a2a5cd65ac3284e3e402c214c0365cf13a28c0c3bbe228ae19ccd2f3dba4f22f670fea279693a66b7669ca
SSDEEP: 12288:by90jl4CYoPkyUrTkaCkclY7wLDwjD1grzITjbcnr:byQUoEfsfYn6PIvgnr
Static task: static1
Behavioral task: behavioral1
Sample: 2f7c20db50230436f32eb4256b48083ddcb3e81b5f7091113f16127f3e16d883.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 2f7c20db50230436f32eb4256b48083ddcb3e81b5f7091113f16127f3e16d883
Size: 640KB
MD5: 90dc60c1d5f85bafa57c765bcba7f746
SHA1: ddcebabda76231d4d42198f556ebaf32cf9ae9fc
SHA256: 2f7c20db50230436f32eb4256b48083ddcb3e81b5f7091113f16127f3e16d883
SHA512: ba216f81e1d1ec7622ba7e06e27f23d32a2fac6260a2a5cd65ac3284e3e402c214c0365cf13a28c0c3bbe228ae19ccd2f3dba4f22f670fea279693a66b7669ca
SSDEEP: 12288:by90jl4CYoPkyUrTkaCkclY7wLDwjD1grzITjbcnr:byQUoEfsfYn6PIvgnr
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
- Windows Service: 1