General

Target: f9ef5e5e24efe5c4cc8659f19ead050fc5ec698cecea2a0802e1ade2a16e9e95
Size: 568KB
Sample: 241104-qbxd7ssnhq
MD5: ba292e86a9c8eb813502ab2b3c92ec60
SHA1: 3f19265cb6d3ff295aea7057375ba1ea7d472c37
SHA256: f9ef5e5e24efe5c4cc8659f19ead050fc5ec698cecea2a0802e1ade2a16e9e95
SHA512: 82958f99e5dd838b63934dc37d96b822ddf956f651ad7921df431987565c480517e9217639d5006c45ac6a6d8929847777d0fca23d4716fe9f1ecc7875faf850
SSDEEP: 12288:8y90c3odxUFchxZEGxMA9vYf/mCr4iYtORXwehBNcd1VHh6eIbUk08:8yfodxUjGxM5f/jYt+XzIXVHh6pUd8
Static task: static1
Behavioral task: behavioral1
  Sample: f9ef5e5e24efe5c4cc8659f19ead050fc5ec698cecea2a0802e1ade2a16e9e95.exe
  Resource: win10v2004-20241007-en

Malware Config: (none listed)
Targets

Target: f9ef5e5e24efe5c4cc8659f19ead050fc5ec698cecea2a0802e1ade2a16e9e95 (568KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures

- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020)
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
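The behaviours this report flags (a dropped executable being run, a Run key being added, and a Windows service registration under T1543.003) are the ones an analyst usually wants to turn into a host detection. The Python below is an added example, not part of this Triage report and not a rule the sandbox ships: it runs a small correlation over constructed Sysmon-style events (EventID 1 process create, EventID 11 file create, EventID 13 registry value set). The drop directory, dropped file name, process GUIDs, SID, service name and the benign OneDrive control event are all made up for the demonstration; only the sample file name comes from the report.

```python
"""Correlate Sysmon-style events for the persistence behaviours in the report:
executing a dropped EXE, writing a Run key, and setting a service ImagePath."""
import re

# Registry value paths that implement T1547.001 (Run keys) and T1543.003 (service ImagePath).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
SERVICE_IMAGE_RE = re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.I)
# Locations an unprivileged dropper can write to; an autostart entry pointing here is suspect.
USER_WRITABLE_RE = re.compile(
    r"^(C:\\Users\\[^\\]+\\(AppData|Downloads)\\|C:\\Users\\Public\\|C:\\ProgramData\\|C:\\Windows\\Temp\\)",
    re.I)


def binary_path(details: str) -> str:
    """Extract the executable from a Run/ImagePath value such as '"C:\\x\\a.exe" /s'."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    # Unquoted value: cut at the first argument switch. Unquoted paths containing
    # spaces are ambiguous and are returned whole.
    return re.split(r"\s+[-/]", details, maxsplit=1)[0]


def detect(events):
    """Return (rule, image, detail) findings for the event list, in event order."""
    dropped = {}   # lower-cased path of a created file -> GUID of the process that wrote it
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:  # FileCreate: remember what each process dropped
            dropped[ev["TargetFilename"].lower()] = ev["ProcessGuid"]
        elif eid == 1 and ev["Image"].lower() in dropped:  # ProcessCreate of a dropped file
            findings.append(("executes_dropped_exe", ev["Image"],
                             "dropped by " + dropped[ev["Image"].lower()]))
        elif eid == 13:  # RegistryEvent (value set)
            target, exe = ev["TargetObject"], binary_path(ev["Details"])
            # Suspicious if the autostart target lives in a user-writable path, or
            # if the process writing the key is itself one of the dropped files.
            suspicious = bool(USER_WRITABLE_RE.match(exe)) or ev["Image"].lower() in dropped
            if RUN_KEY_RE.search(target) and suspicious:
                findings.append(("run_key_persistence", ev["Image"], f"{target} -> {exe}"))
            elif SERVICE_IMAGE_RE.search(target) and USER_WRITABLE_RE.match(exe):
                findings.append(("service_persistence", ev["Image"], f"{target} -> {exe}"))
    return findings


# Constructed events (not real telemetry from the sandbox run).
SAMPLE = r"C:\Users\victim\Downloads\f9ef5e5e24efe5c4cc8659f19ead050fc5ec698cecea2a0802e1ade2a16e9e95.exe"
DROP_DIR = r"C:\Users\victim\AppData\Local\Temp\IXP000.TMP"   # hypothetical drop directory
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"          # hypothetical user SID
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "G1", "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessGuid": "G1", "Image": SAMPLE, "TargetFilename": DROP_DIR + r"\1.exe"},
    {"EventID": 1, "ProcessGuid": "G2", "Image": DROP_DIR + r"\1.exe", "ParentImage": SAMPLE},
    {"EventID": 13, "ProcessGuid": "G2", "Image": DROP_DIR + r"\1.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": f'"{DROP_DIR}\\1.exe"'},
    # services.exe writes ImagePath on behalf of whichever process called CreateService,
    # so the Image field here does not name the real actor.
    {"EventID": 13, "ProcessGuid": "G3", "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\WinUpdSvc\ImagePath",
     "Details": r"C:\ProgramData\WinUpdSvc\svc.exe"},
    # Benign control: an application under Program Files registering its own Run entry.
    {"EventID": 13, "ProcessGuid": "G4", "Image": r"C:\Program Files\OneDrive\OneDrive.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r'"C:\Program Files\OneDrive\OneDrive.exe" /background'},
]

if __name__ == "__main__":
    for rule, image, detail in detect(SAMPLE_EVENTS):
        print(rule, image, detail, sep=" | ")
```

Two caveats when moving this beyond the constructed input. First, Sysmon attributes the ImagePath write to services.exe, so the service rule only tells you that a service now points into a user-writable directory; pair it with System log event 7045 (Service Control Manager, "A service was installed in the system") to recover the installing process. Second, the user-writable path list is a heuristic: plenty of legitimate updaters run from AppData, so the Run-key rule is meant as a triage signal to be combined with the dropped-file lineage it also tracks, not as a standalone block.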