General
- Target: 30170679e4ec96c1a340a567ffff904878a150a3537af5651dadff803374e79d.exe
- Size: 764KB
- Sample: 241119-jl6masxjdm
- MD5: dfde52ac16f9194baee325a3bc984063
- SHA1: 4f825c296b86ff33db743a285e906b0f949316ca
- SHA256: 30170679e4ec96c1a340a567ffff904878a150a3537af5651dadff803374e79d
- SHA512: fb4f016b7fddf0ca0733ed9f54394905bb58d7ea28939540ab6c06bf6436369575eac32c60ca87f7526ab35c42802a0aa72359d8ebe87699250143fef469a9a0
- SSDEEP: 12288:Yy90xBllvPMFMotocoLoBZUnNBwNGpgcdTY+TIthcrv6WbbJgJcaveIIlttUrUC/:YyEllsF3GJ/HwAO+dj6I9gHm1ltg/
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 30170679e4ec96c1a340a567ffff904878a150a3537af5651dadff803374e79d.exe
  - Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 30170679e4ec96c1a340a567ffff904878a150a3537af5651dadff803374e79d.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)