General
Target: 74d1ccd9b7c8431889388133b754a7923c201576922e978f156c312f746b9fa6
Size: 694KB
Sample: 241110-3s8j1sxflk
MD5: b9e3ec94ccef37ea4f41a8b2ce65a39b
SHA1: e742e4da4f2bf47de89761d7e67211ac0867f5b5
SHA256: 74d1ccd9b7c8431889388133b754a7923c201576922e978f156c312f746b9fa6
SHA512: 67825049258b69b0d8ad23f5b14324f1edf5fc5c6f9a637dc67a0ebb7a9606074ed91ae1d46b5b9f11fbbca5f1ab3dbe47341c4fd6bcfa76059d67e632341403
SSDEEP: 12288:Yy905SgBOoS18XHwOFTCKSw9U0UCZWV6Fh18byKFA+2c3pFtp:YypoS10lFvS10Bm6Fh18byu93pjp
Static task: static1
Behavioral task: behavioral1
Sample: 74d1ccd9b7c8431889388133b754a7923c201576922e978f156c312f746b9fa6.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 74d1ccd9b7c8431889388133b754a7923c201576922e978f156c312f746b9fa6
Size: 694KB
MD5: b9e3ec94ccef37ea4f41a8b2ce65a39b
SHA1: e742e4da4f2bf47de89761d7e67211ac0867f5b5
SHA256: 74d1ccd9b7c8431889388133b754a7923c201576922e978f156c312f746b9fa6
SHA512: 67825049258b69b0d8ad23f5b14324f1edf5fc5c6f9a637dc67a0ebb7a9606074ed91ae1d46b5b9f11fbbca5f1ab3dbe47341c4fd6bcfa76059d67e632341403
SSDEEP: 12288:Yy905SgBOoS18XHwOFTCKSw9U0UCZWV6Fh18byKFA+2c3pFtp:YypoS10lFvS10Bm6Fh18byu93pjp
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)