General
-
Target
6263a7265dfe9f73116f855e7575d4ff1d846c448110010c5f1694850be53818
-
Size
568KB
-
Sample
241122-aq4h3awqdj
-
MD5
cd520397a76f946d11b0ae0e2fed6f8c
-
SHA1
3db3d14d0b378772c561b5ef45f2d3b6d0166278
-
SHA256
6263a7265dfe9f73116f855e7575d4ff1d846c448110010c5f1694850be53818
-
SHA512
ea2d71fba4288ae991b70c848c31d8e576f50a24bf42e30861b9707023bbfd563238d11a58074eff9b889f87d972cc85515ca597ba219d94229173823ad483b5
-
SSDEEP
6144:r0p0yN90QECodl17ONZJfXmNodG5+TDDEBasPfF+pWKrdJ7NHd6BpB05C37XgdaX:hy908oF7wZJfKkG5WmDwHOqIwgX
Malware Config
Targets
-
-
Target
6263a7265dfe9f73116f855e7575d4ff1d846c448110010c5f1694850be53818
-
Size
568KB
-
MD5
cd520397a76f946d11b0ae0e2fed6f8c
-
SHA1
3db3d14d0b378772c561b5ef45f2d3b6d0166278
-
SHA256
6263a7265dfe9f73116f855e7575d4ff1d846c448110010c5f1694850be53818
-
SHA512
ea2d71fba4288ae991b70c848c31d8e576f50a24bf42e30861b9707023bbfd563238d11a58074eff9b889f87d972cc85515ca597ba219d94229173823ad483b5
-
SSDEEP
6144:r0p0yN90QECodl17ONZJfXmNodG5+TDDEBasPfF+pWKrdJ7NHd6BpB05C37XgdaX:hy908oF7wZJfKkG5WmDwHOqIwgX
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1