General
-
Target
f63ab618040f232da926b1c06b22415136bb66af3c9b9042095f932c59906efd
-
Size
1.0MB
-
Sample
241110-3m8b3axjct
-
MD5
9be94c7b975e556cd5300b423427a3eb
-
SHA1
bb8a5d00597bbbd0da4e8fbf821c5d8e44a533ae
-
SHA256
f63ab618040f232da926b1c06b22415136bb66af3c9b9042095f932c59906efd
-
SHA512
3c18e322d50fba1cabd957f3a971025f727da979ffb9f2a38122c9b5caa63be1bb6cdb5b1b6f8ee5ef92d68e9fbad77d53fff865efcabdce9a071845eadc7b61
-
SSDEEP
24576:kyeR2fg+hg1m+Rvp4jSPPw1iCLFeG8pZKUOyfoIYlPw:zRfS1m+B2jSCiSgpwBFlP
Malware Config
Targets
-
-
Target
f63ab618040f232da926b1c06b22415136bb66af3c9b9042095f932c59906efd
-
Size
1.0MB
-
MD5
9be94c7b975e556cd5300b423427a3eb
-
SHA1
bb8a5d00597bbbd0da4e8fbf821c5d8e44a533ae
-
SHA256
f63ab618040f232da926b1c06b22415136bb66af3c9b9042095f932c59906efd
-
SHA512
3c18e322d50fba1cabd957f3a971025f727da979ffb9f2a38122c9b5caa63be1bb6cdb5b1b6f8ee5ef92d68e9fbad77d53fff865efcabdce9a071845eadc7b61
-
SSDEEP
24576:kyeR2fg+hg1m+Rvp4jSPPw1iCLFeG8pZKUOyfoIYlPw:zRfS1m+B2jSCiSgpwBFlP
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1