General

Target: 30afbb9386a4f4ffe85ecd81125986899fbbd69b482ab62e369cbf9e47a938e1N
Size: 827KB
Sample: 241111-cjmm3s1ajc
MD5: 70734d4a54b6a6687e34b471cc2712e0
SHA1: a737a9a4027cff92558ca4ba98760fd15560368a
SHA256: 30afbb9386a4f4ffe85ecd81125986899fbbd69b482ab62e369cbf9e47a938e1
SHA512: 421e1ac520bb1ea711c1dfeeeaa207dc374828083b19051f1a231a5c9c5608074935b1369966da8e59e5a46d5aedabbd6c37f65b429984ac387a87aa2885478a
SSDEEP: 24576:Cy9lNx1KI6u/TYoEvtxQm9eZAgIy5Xy01ahtzKGB:prDQIJ/TYDReugIynQ
Static task: static1
Behavioral task: behavioral1
Sample: 30afbb9386a4f4ffe85ecd81125986899fbbd69b482ab62e369cbf9e47a938e1N.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 30afbb9386a4f4ffe85ecd81125986899fbbd69b482ab62e369cbf9e47a938e1N
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547), 1 hit: Registry Run Keys / Startup Folder (T1547.001), 1 hit
- Create or Modify System Process (T1543), 1 hit: Windows Service (T1543.003), 1 hit
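The three behavioural findings above ("Executes dropped EXE", "Adds Run key to start application", and the T1547.001 / T1543.003 persistence mapping) are the ones a defender would want to see as host telemetry rather than as sandbox verdicts. The following is an added example, not code from this report or from the sandbox vendor, that implements those detections over Sysmon events: Event ID 11 (file create) feeds a set of dropped files, Event ID 1 (process create) is matched against it, and Event ID 13 (registry value set) is checked for Run/RunOnce values and service ImagePath entries whose data points outside trusted system directories. The log lines are constructed for the example, and the '|'-separated 'Field: value' rendering of Sysmon fields is an assumed export format, as are the field names used here.

```python
"""Sysmon-based detections for the behaviours the report lists: a dropped EXE
being executed, a Run-key autostart (ATT&CK T1547.001) and a service ImagePath
being set (T1543.003). Added example, not code from the report or the sandbox.
The events below are constructed, not telemetry from the real sample, and the
'Field: value' pairs joined by '|' are an assumed export format for Sysmon
Event IDs 11 (FileCreate), 1 (ProcessCreate) and 13 (RegistryEvent, value set)."""
import re
from typing import Dict, List, Tuple

# Value under ...\CurrentVersion\Run or RunOnce in any hive (T1547.001).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)
# ImagePath of a service entry under the active control set (T1543.003).
SERVICE_IMAGE_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
# Locations a legitimate autostart or service binary normally lives in; anything
# else (Temp, AppData, ProgramData, user profile) is treated as suspicious.
TRUSTED_PREFIXES = ("c:\\windows\\", "%windir%\\", "%systemroot%\\",
                    "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample telemetry (assumption: Sysmon fields rendered as shown).
SAMPLE_EVENTS = [
    r"EventID: 11|Image: C:\Users\user\Desktop\sample.exe|TargetFilename: C:\Users\user\AppData\Local\Temp\svchost_update.exe",
    r"EventID: 1|Image: C:\Users\user\AppData\Local\Temp\svchost_update.exe|ParentImage: C:\Users\user\Desktop\sample.exe",
    r"EventID: 13|Image: C:\Users\user\AppData\Local\Temp\svchost_update.exe|TargetObject: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater|Details: C:\Users\user\AppData\Local\Temp\svchost_update.exe",
    r"EventID: 13|Image: C:\Windows\System32\services.exe|TargetObject: HKLM\System\CurrentControlSet\Services\UpdSvc\ImagePath|Details: C:\Users\user\AppData\Local\Temp\svchost_update.exe",
    r"EventID: 1|Image: C:\Windows\System32\notepad.exe|ParentImage: C:\Windows\explorer.exe",
    r"EventID: 13|Image: C:\Windows\System32\svchost.exe|TargetObject: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth|Details: %windir%\system32\SecurityHealthSystray.exe",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split one '|'-separated 'Field: value' record into a dict."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def in_trusted_dir(path: str) -> bool:
    """True if the (possibly quoted) binary path starts under a trusted directory."""
    return path.strip().strip('"').lower().startswith(TRUSTED_PREFIXES)


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (finding, evidence) pairs. Events are processed in order, so a
    process start only counts as 'dropped EXE' if the file was created earlier."""
    dropped = set()          # files written by any process so far (Event ID 11)
    findings: List[Tuple[str, str]] = []
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "11":
            dropped.add(ev.get("TargetFilename", "").lower())
        elif eid == "1":
            image = ev.get("Image", "")
            if image.lower() in dropped:
                findings.append(("Executes dropped EXE", image))
        elif eid == "13":
            target, data = ev.get("TargetObject", ""), ev.get("Details", "")
            # Service values are written by services.exe on behalf of the caller,
            # so the writing Image is not informative; judge the value data instead.
            if RUN_KEY_RE.search(target) and not in_trusted_dir(data):
                findings.append(("T1547.001 Registry Run Keys / Startup Folder", target))
            elif SERVICE_IMAGE_RE.search(target) and not in_trusted_dir(data):
                findings.append(("T1543.003 Windows Service", target))
    return findings


if __name__ == "__main__":
    for name, evidence in scan(SAMPLE_EVENTS):
        print(f"{name}: {evidence}")
```

On the constructed events this yields three findings (the dropped EXE start, the Run value, the service ImagePath) and ignores the legitimate SecurityHealth autostart because its data resolves under %windir%. Gating the registry rules on where the value data points, rather than on the writing process, is what keeps the Run-key rule usable at scale; an environment with software installed outside Program Files would need those prefixes extended.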