General
- Target: 6661cecad8b63e2e4774416f462bcc2779bfc4e05ff7f14b97a971093d076745
- Size: 418KB
- Sample: 241110-3dxh7swqfz
- MD5: e1b50b3751c705e6d376cbe7f559ae77
- SHA1: d58526095d7ca66f1b662f8b601df20f205ed60c
- SHA256: 6661cecad8b63e2e4774416f462bcc2779bfc4e05ff7f14b97a971093d076745
- SHA512: 620492206fe5c50f3e507c2d7613f30df2c1d714247624b48dbcda151eeee2875fa790f091cb4fc7187faa097b7af9c65a5e74534fa909f6aa07e82dbed0f0d8
- SSDEEP: 6144:KZy+bnr+hp0yN90QEHmq+Wjib0rARd3oBo6oPWLCYmJoMv/eScBJWAHYNCY:zMrVy90hZtsRdoGBYu5PcWAHYNCY
Static task: static1
Behavioral task: behavioral1
- Sample: 6661cecad8b63e2e4774416f462bcc2779bfc4e05ff7f14b97a971093d076745.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 6661cecad8b63e2e4774416f462bcc2779bfc4e05ff7f14b97a971093d076745
- Size: 418KB
- MD5: e1b50b3751c705e6d376cbe7f559ae77
- SHA1: d58526095d7ca66f1b662f8b601df20f205ed60c
- SHA256: 6661cecad8b63e2e4774416f462bcc2779bfc4e05ff7f14b97a971093d076745
- SHA512: 620492206fe5c50f3e507c2d7613f30df2c1d714247624b48dbcda151eeee2875fa790f091cb4fc7187faa097b7af9c65a5e74534fa909f6aa07e82dbed0f0d8
- SSDEEP: 6144:KZy+bnr+hp0yN90QEHmq+Wjib0rARd3oBo6oPWLCYmJoMv/eScBJWAHYNCY:zMrVy90hZtsRdoGBYu5PcWAHYNCY
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
- Windows Service: 1