General
- Target: 8f3af5cf2322b53b3282cc01946f9fdba53a371a5c64b24a221647a605ca5eff
- Size: 690KB
- Sample: 241110-1hv5tswalp
- MD5: 56b071cea91caa0a1a7ae36ba41279b1
- SHA1: 1e0fd1f2805df52529a08beae4a3530c703619a0
- SHA256: 8f3af5cf2322b53b3282cc01946f9fdba53a371a5c64b24a221647a605ca5eff
- SHA512: 59fdd49c97b9dad42a1dab4110dc409772928bcec3e58b3ecd62d3f18831d83141289028f16aec935dac64fe9020f8eee1b70737799d765eb86393351db512da
- SSDEEP: 12288:6y90AuzuFmiUY7x+5qsBaF/czVUkB8iGaaNO0nXuGDfp1GFtbdhbrp6:6yQ6FmHY7xAqpczeaa9XuGjpGZ7rp6

Static task
- static1

Behavioral task
- behavioral1
- Sample: 8f3af5cf2322b53b3282cc01946f9fdba53a371a5c64b24a221647a605ca5eff.exe
- Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: 8f3af5cf2322b53b3282cc01946f9fdba53a371a5c64b24a221647a605ca5eff
- Size: 690KB
- MD5: 56b071cea91caa0a1a7ae36ba41279b1
- SHA1: 1e0fd1f2805df52529a08beae4a3530c703619a0
- SHA256: 8f3af5cf2322b53b3282cc01946f9fdba53a371a5c64b24a221647a605ca5eff
- SHA512: 59fdd49c97b9dad42a1dab4110dc409772928bcec3e58b3ecd62d3f18831d83141289028f16aec935dac64fe9020f8eee1b70737799d765eb86393351db512da
- SSDEEP: 12288:6y90AuzuFmiUY7x+5qsBaF/czVUkB8iGaaNO0nXuGDfp1GFtbdhbrp6:6yQ6FmHY7xAqpczeaa9XuGjpGZ7rp6

Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)