General
Target: 6303b8ac7b417dd568c53fa51713029aeba39a76b18a0cd7bf8865e9cf1283a4
Size: 1.5MB
Sample: 241111-c8mz5s1clj
MD5: f17d59006472c72a9532b57c3c0ded5b
SHA1: 1cf962c0880c0940f310c3507e3be5fcdcb1a3ef
SHA256: 6303b8ac7b417dd568c53fa51713029aeba39a76b18a0cd7bf8865e9cf1283a4
SHA512: e720b5034c42ce1bb6bc1d82ff3620d3a79b5f4c3be66ad7081e673e7f06b3aae1c663b32a91f7905dfe48fefb9fd26c60e19dfb5b68abbc49e6f9d3749bc656
SSDEEP: 24576:MyG3z4/LZxMMk2jlk+pF/5Ep3K5sRB69BT4V4IpasHCIckjA:7T/LZGr2jlBKPR0r4uIp/iIr
Static task: static1
Behavioral task: behavioral1
Sample: 6303b8ac7b417dd568c53fa51713029aeba39a76b18a0cd7bf8865e9cf1283a4.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 6303b8ac7b417dd568c53fa51713029aeba39a76b18a0cd7bf8865e9cf1283a4
Size: 1.5MB
MD5: f17d59006472c72a9532b57c3c0ded5b
SHA1: 1cf962c0880c0940f310c3507e3be5fcdcb1a3ef
SHA256: 6303b8ac7b417dd568c53fa51713029aeba39a76b18a0cd7bf8865e9cf1283a4
SHA512: e720b5034c42ce1bb6bc1d82ff3620d3a79b5f4c3be66ad7081e673e7f06b3aae1c663b32a91f7905dfe48fefb9fd26c60e19dfb5b68abbc49e6f9d3749bc656
SSDEEP: 24576:MyG3z4/LZxMMk2jlk+pF/5Ep3K5sRB69BT4V4IpasHCIckjA:7T/LZGr2jlBKPR0r4uIp/iIr
- Detects Healer, an antivirus-disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 signature
- Create or Modify System Process (T1543): Windows Service (T1543.003), 1 signature
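Two checks a responder would want after reading a report like this: a sweep of a host or share for files matching the reported digests, and a look at Run/RunOnce autostart values for executables living in user-writable paths, which is what the "Adds Run key to start application" signature and the T1547.001 mapping describe. The script below is an added example, not Triage's code or the sample's own behaviour. The hash values are the ones reported on this page; the registry export it parses is constructed for the demonstration, since the page does not report the value name or path the sample actually writes, and the "user-writable path" test is a coarse heuristic that will also flag legitimate per-user installs.

```python
"""Triage helpers for the sample reported above (added example, not Triage's
code): sweep a directory for files matching the reported hashes, and flag
Run-key persistence entries in a registry export that point at user-writable
locations."""
import hashlib
import os
import re
from pathlib import Path

# Digests as reported for the sample on this page (SSDEEP omitted: hashlib
# cannot compute it).
SAMPLE_HASHES = {
    "md5": "f17d59006472c72a9532b57c3c0ded5b",
    "sha1": "1cf962c0880c0940f310c3507e3be5fcdcb1a3ef",
    "sha256": "6303b8ac7b417dd568c53fa51713029aeba39a76b18a0cd7bf8865e9cf1283a4",
}

# Directories an unprivileged user can write to; autostart entries pointing
# here deserve a look. Coarse heuristic: legitimate per-user installers
# (for example under AppData\Local) will also trip it.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData|Downloads)\\", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\]$", re.I)
REG_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')


def file_hashes(path, algorithms=("md5", "sha1", "sha256")):
    """Compute several digests of a file in one pass over its bytes."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def sweep(root, iocs=SAMPLE_HASHES):
    """Return (path, [matching algorithms]) for every file under root whose
    digest equals an IOC. A match on any single algorithm is reported, so a
    collision-prone MD5-only hit stays visible but is labelled as such."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        computed = file_hashes(p, algorithms=tuple(iocs))
        matched = [a for a, v in computed.items() if v == iocs[a].lower()]
        if matched:
            hits.append((str(p), matched))
    return hits


def _exe_from_value(data):
    """Pull the executable path out of a Run value's command line."""
    data = re.sub(r"\\(.)", r"\1", data)  # undo .reg escaping of \\ and \"
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)", data, re.I)
    return m.group(1) if m else data.split(" ", 1)[0]


def suspicious_run_entries(reg_text, iocs=SAMPLE_HASHES):
    """Parse a .reg export and flag Run/RunOnce values whose executable lives
    in a user-writable directory or, when the file is present on this host,
    matches a reported hash."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            key = line
            continue
        m = REG_VALUE.match(line)
        if not (m and key and RUN_KEY.search(key)):
            continue
        name, exe = m.group(1), _exe_from_value(m.group(2))
        reasons = []
        if USER_WRITABLE.search(exe):
            reasons.append("user-writable path")
        if os.path.isfile(exe):  # only meaningful on the host being examined
            computed = file_hashes(exe, algorithms=tuple(iocs))
            if any(computed[a] == iocs[a].lower() for a in iocs):
                reasons.append("hash matches reported sample")
        if reasons:
            findings.append({"key": key, "name": name, "exe": exe, "reasons": reasons})
    return findings


# Constructed registry export for demonstration; the page does not report the
# value name or path the sample actually writes.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Updater"="\"C:\\Users\\user\\AppData\\Roaming\\svc\\updater.exe\" --silent"
'''

if __name__ == "__main__":
    for f in suspicious_run_entries(SAMPLE_REG):
        print(f"{f['name']}: {f['exe']} ({', '.join(f['reasons'])})")
    for path, algs in sweep("."):
        print(f"IOC match {path} via {', '.join(algs)}")
```

On a live Windows host you would feed `suspicious_run_entries` the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the HKLM equivalent) rather than the constructed text, and point `sweep` at user profiles and temp directories, which is where droppers of this kind usually leave the payload.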