General
-
Target
8cc1938f69f892be290272eb40d02e9ce4d8cdbecb8e9bc9375beb6dc0b3367b
-
Size
1.1MB
-
Sample
241111-ceyjsatjgl
-
MD5
347b83f1868618157f6dc69b5f9be059
-
SHA1
b48972addb3296f35a3d37d5a419f091958a9d31
-
SHA256
8cc1938f69f892be290272eb40d02e9ce4d8cdbecb8e9bc9375beb6dc0b3367b
-
SHA512
0355e2718fae36c343460f87d7bfffddd25ca195bf550804fba1e9796f0aa42f8abb8dd3a03b7c1c8d0d626ea34bedf29b04403921071977587304c5fc8afef1
-
SSDEEP
24576:oy4BCXco1F2NmP85jJxVyeafZKHqLgBRcDZR5e4Zz3GPI:vDQm6xVhagHqLgBR6fh
Malware Config
Targets
-
-
Target
8cc1938f69f892be290272eb40d02e9ce4d8cdbecb8e9bc9375beb6dc0b3367b
-
Size
1.1MB
-
MD5
347b83f1868618157f6dc69b5f9be059
-
SHA1
b48972addb3296f35a3d37d5a419f091958a9d31
-
SHA256
8cc1938f69f892be290272eb40d02e9ce4d8cdbecb8e9bc9375beb6dc0b3367b
-
SHA512
0355e2718fae36c343460f87d7bfffddd25ca195bf550804fba1e9796f0aa42f8abb8dd3a03b7c1c8d0d626ea34bedf29b04403921071977587304c5fc8afef1
-
SSDEEP
24576:oy4BCXco1F2NmP85jJxVyeafZKHqLgBRcDZR5e4Zz3GPI:vDQm6xVhagHqLgBR6fh
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1