General
Target: 55dd1b906aa504ea99624443e7cbd8d895e968a0d32cddf67c9ff895218fe1a7
Size: 567KB
Sample: 241110-3kz8nszrfl
MD5: f47640e1b5fe4c4f106de9bcbcf327ff
SHA1: cfcdb5aa4ff632c4ed1ddb9b368cfc5ce53f024c
SHA256: 55dd1b906aa504ea99624443e7cbd8d895e968a0d32cddf67c9ff895218fe1a7
SHA512: 70304ec5e80f0e71db9667aa5f443ac077f5ffda2f2f0bd3a3dda2e1776cae0b0e4206515d17fab2f3d8bbda6e23ec7165d10755f5cc9b33ed6a10058d446c94
SSDEEP: 6144:scGeO+ueO+ueO+uTDzjTDzjTDzjTDzjQAwgQAwgQAwgQ5p0yN90QE1BnA65JTk4H:Wy90fhfeyPqyGhYqSRd6qPuGTMWUW
Static task: static1
Behavioral task: behavioral1
Sample: 55dd1b906aa504ea99624443e7cbd8d895e968a0d32cddf67c9ff895218fe1a7.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 55dd1b906aa504ea99624443e7cbd8d895e968a0d32cddf67c9ff895218fe1a7
Size: 567KB
MD5: f47640e1b5fe4c4f106de9bcbcf327ff
SHA1: cfcdb5aa4ff632c4ed1ddb9b368cfc5ce53f024c
SHA256: 55dd1b906aa504ea99624443e7cbd8d895e968a0d32cddf67c9ff895218fe1a7
SHA512: 70304ec5e80f0e71db9667aa5f443ac077f5ffda2f2f0bd3a3dda2e1776cae0b0e4206515d17fab2f3d8bbda6e23ec7165d10755f5cc9b33ed6a10058d446c94
SSDEEP: 6144:scGeO+ueO+ueO+uTDzjTDzjTDzjTDzjQAwgQAwgQAwgQ5p0yN90QE1BnA65JTk4H:Wy90fhfeyPqyGhYqSRd6qPuGTMWUW
Signatures
- Detects Healer an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)