General
-
Target
606af681a6b329d7b6d60e2bb94cc2f38f57af9e862bce4a3486ea9283acb691.exe
-
Size
415KB
-
Sample
241118-yhgw4atmct
-
MD5
b84ba5cf15fd35a8c36ce34cfef1a332
-
SHA1
a0c7caa7bfb671bb221a5d58b2f1b0c16aa015c4
-
SHA256
606af681a6b329d7b6d60e2bb94cc2f38f57af9e862bce4a3486ea9283acb691
-
SHA512
7f62c2f9b9099a89ca8002b34f3ac097e5f5923411d37f2ca717867513eb48ea3b70f0b4062cb3139b109a6f0c1ee04db78f6112d2f3f107d67d941d2ab4672d
-
SSDEEP
6144:nOp0yN90QE1gYXhBLqXYGIwcNTObXmLlg312qBDDqxlhzjg+W/zS8KxlVVth45h4:Py90IYxB2X6Nw0lqxWhgFhKxREVU
Malware Config
Targets
-
-
Target
606af681a6b329d7b6d60e2bb94cc2f38f57af9e862bce4a3486ea9283acb691.exe
-
Size
415KB
-
MD5
b84ba5cf15fd35a8c36ce34cfef1a332
-
SHA1
a0c7caa7bfb671bb221a5d58b2f1b0c16aa015c4
-
SHA256
606af681a6b329d7b6d60e2bb94cc2f38f57af9e862bce4a3486ea9283acb691
-
SHA512
7f62c2f9b9099a89ca8002b34f3ac097e5f5923411d37f2ca717867513eb48ea3b70f0b4062cb3139b109a6f0c1ee04db78f6112d2f3f107d67d941d2ab4672d
-
SSDEEP
6144:nOp0yN90QE1gYXhBLqXYGIwcNTObXmLlg312qBDDqxlhzjg+W/zS8KxlVVth45h4:Py90IYxB2X6Nw0lqxWhgFhKxREVU
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1