General
-
Target
7c5d2d30b0dc6929f93245cd7ce41fc262589c6debe02484ee0e4591c946e4c7
-
Size
698KB
-
Sample
241110-3p28tsxjgy
-
MD5
191fbcef3292dc4e1c44f2be68bb7fdc
-
SHA1
106f9f290f822ddb8c5205c9aa36d80ab1bbbe97
-
SHA256
7c5d2d30b0dc6929f93245cd7ce41fc262589c6debe02484ee0e4591c946e4c7
-
SHA512
39d808c8dcf29fd574e7a4d02e880340bc66094d6d7d4c4dc199453d63ce22dfe54ba6ebcb3097734e87d45d7803b3b1f614c3029b8e9d367479fdbc371371dd
-
SSDEEP
12288:3y90Cxkl8rNT2fUqnt5zOlo3lWt9L9WwUIvjogG7aVtLBtWO2c:3yLxaGaUqnKmAt9LHMd7aDzH2c
Malware Config
Targets
-
-
Target
7c5d2d30b0dc6929f93245cd7ce41fc262589c6debe02484ee0e4591c946e4c7
-
Size
698KB
-
MD5
191fbcef3292dc4e1c44f2be68bb7fdc
-
SHA1
106f9f290f822ddb8c5205c9aa36d80ab1bbbe97
-
SHA256
7c5d2d30b0dc6929f93245cd7ce41fc262589c6debe02484ee0e4591c946e4c7
-
SHA512
39d808c8dcf29fd574e7a4d02e880340bc66094d6d7d4c4dc199453d63ce22dfe54ba6ebcb3097734e87d45d7803b3b1f614c3029b8e9d367479fdbc371371dd
-
SSDEEP
12288:3y90Cxkl8rNT2fUqnt5zOlo3lWt9L9WwUIvjogG7aVtLBtWO2c:3yLxaGaUqnKmAt9LHMd7aDzH2c
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1