General
- Target: 7891518c3d4aaff456c99eeabf0b275d0e23b27ce61895207a73f27225dcf374
- Size: 695KB
- Sample: 241111-b2e6aasqdm
- MD5: 3b94593f74d76cacb92e7f7e4c847f25
- SHA1: db4d4ce4ac16223f327bee66d7f016d774b5d992
- SHA256: 7891518c3d4aaff456c99eeabf0b275d0e23b27ce61895207a73f27225dcf374
- SHA512: db10e4ddcad89e45df49de2b6ae87ef619ac5553e7fe1864f2b4556750f382b2ad36e567273a60f612550727ea47079d5009386d1d4fdeabcbb046266f736c28
- SSDEEP: 12288:My90pK8cZ1jCtCRqetFDoZwIcB1d4dRg2IGDaroQlXdQncYh2in:MyIcZ12YNFU2ICsrrFDadzQ1hHn

Static task: static1
Behavioral task: behavioral1
- Sample: 7891518c3d4aaff456c99eeabf0b275d0e23b27ce61895207a73f27225dcf374.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)