General
- Target: 611f90cd096276db7ae9a86d4bc38b0e796578eb9e30d01905628dcdfc53abcf.exe
- Size: 608KB
- Sample: 241118-zs8y1azngj
- MD5: 369f312dab7e8927bb3ae0937294e14a
- SHA1: a7c016d0ba2dc49efcd1b116612c705adaa0e42b
- SHA256: 611f90cd096276db7ae9a86d4bc38b0e796578eb9e30d01905628dcdfc53abcf
- SHA512: c94a3d8687f35f6295d125193059074a495a24003fc957284c94793efc4c04572f110cca34d7b01bc5470d82faa7c85d5dd9b68dfb2eacee590fe08341d67d30
- SSDEEP: 12288:iy90nHi6SQQoDB7wOYH8qevjKd+8f/W8DoNtDZs3EWOE2:iyJQQuB72Hlsjo+c/W8YtDWd2
- Static task: static1
- Behavioral task: behavioral1
- Sample: 611f90cd096276db7ae9a86d4bc38b0e796578eb9e30d01905628dcdfc53abcf.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)