General
-
Target
282e3364b9c51f9d129cb8cc59cd3982c8641ef426f93e5e03eb58655a316f15
-
Size
479KB
-
Sample
241110-13yrfsweqk
-
MD5
74cfe8573741bb83f9581c7878554d4b
-
SHA1
c6ab944aeff507b6e855413e84a9304bf4083262
-
SHA256
282e3364b9c51f9d129cb8cc59cd3982c8641ef426f93e5e03eb58655a316f15
-
SHA512
63488f8b3dbb2ed7e0cf1d6ad08bdfb13e58986baa8a9a4031cf7e73e6305483d1420c4135eeaa3f0e3f69336ce580834197849a787af58e1719b550789639d8
-
SSDEEP
12288:eMrwy90y4eBOMN+7cNINppXq3SpnkLOQbl4Q1Fj3buu8JPIT8r:6yzEIWjF0UGplBHbuu8kW
Malware Config
Targets
-
-
Target
282e3364b9c51f9d129cb8cc59cd3982c8641ef426f93e5e03eb58655a316f15
-
Size
479KB
-
MD5
74cfe8573741bb83f9581c7878554d4b
-
SHA1
c6ab944aeff507b6e855413e84a9304bf4083262
-
SHA256
282e3364b9c51f9d129cb8cc59cd3982c8641ef426f93e5e03eb58655a316f15
-
SHA512
63488f8b3dbb2ed7e0cf1d6ad08bdfb13e58986baa8a9a4031cf7e73e6305483d1420c4135eeaa3f0e3f69336ce580834197849a787af58e1719b550789639d8
-
SSDEEP
12288:eMrwy90y4eBOMN+7cNINppXq3SpnkLOQbl4Q1Fj3buu8JPIT8r:6yzEIWjF0UGplBHbuu8kW
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1