General
-
Target
393b54248f88c421df2ad57191e23f1e4eff6a60829754fd7ccda05b3817df44
-
Size
690KB
-
Sample
241104-qe5vraspdq
-
MD5
2689e5a5792aab2e7a0a9c4c51e6701f
-
SHA1
714b857d687f4c26065ecc6f10323834e13be6b4
-
SHA256
393b54248f88c421df2ad57191e23f1e4eff6a60829754fd7ccda05b3817df44
-
SHA512
1569f62dd26f68c61bdce441ecaa49c4393a7446c70c874841c35fdc313a770ef77faaf1d50c440add9b0a7689d319c53541d46e51bcf6d5a3dcd0d284df7d41
-
SSDEEP
12288:ty90M0BEWj1xjbDCAG5bu7DiDguRPwIxpIi/rxDZySWL2u+081h:tymfjfUC6sWjBxDZyXL2fH
Static task
static1
Behavioral task
behavioral1
Sample
393b54248f88c421df2ad57191e23f1e4eff6a60829754fd7ccda05b3817df44.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
393b54248f88c421df2ad57191e23f1e4eff6a60829754fd7ccda05b3817df44
-
Detects Healer, an antivirus-disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
  Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
  Windows Service (T1543.003): 1
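The two persistence behaviours this report flags (the "Adds Run key to start application" signature and the Windows Service mapping under ATT&CK T1543.003) are what a detection engineer would look for in endpoint telemetry after reading a report like this. The following is an added example, not sandbox output or code from the page: a Python scanner over Sysmon-style registry events (Event ID 13, registry value set) that flags writes to Run/RunOnce keys and to a service's ImagePath and tallies them per technique the way the table above does. The log lines, the file names (sample.exe, updater.exe), the service name (wupdsvc) and the key=value|key=value field layout are all constructed for illustration.

```python
"""Flag Run-key and service persistence in Sysmon-style registry events.

Added example, not part of the original report. The event lines below are
constructed; real Sysmon events would come from the Sysmon operational log.
"""
import re
from collections import Counter
from dataclasses import dataclass

# ATT&CK T1547.001: Run / RunOnce keys under HKCU, HKU\<sid> or HKLM (incl. WOW6432Node).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
# ATT&CK T1543.003: a service's ImagePath being set points the SCM at a new binary.
SERVICE_KEY_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE)

# Constructed Sysmon-like events: one file create, one Run key write,
# one benign registry write, one service ImagePath write.
SAMPLE_EVENTS = [
    r"EventID=11|Image=C:\Users\user\Desktop\sample.exe|TargetFilename=C:\Users\user\AppData\Roaming\updater.exe",
    r"EventID=13|Image=C:\Users\user\Desktop\sample.exe|TargetObject=HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater|Details=C:\Users\user\AppData\Roaming\updater.exe",
    r"EventID=13|Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LastLogOff|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Windows\System32\services.exe|TargetObject=HKLM\System\CurrentControlSet\Services\wupdsvc\ImagePath|Details=C:\Users\user\AppData\Roaming\updater.exe",
]


@dataclass
class Finding:
    technique: str   # ATT&CK sub-technique ID
    image: str       # process that performed the write
    target: str      # registry value that was set
    details: str     # value written (the binary that will be launched)


def parse_event(line):
    """Parse a constructed 'key=value|key=value' line into a dict.

    Details may itself contain '=', so split each field only once.
    """
    return dict(part.split("=", 1) for part in line.strip().split("|") if "=" in part)


def scan(lines):
    """Return a Finding for every registry-set event hitting a persistence location."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "13":   # 13 = RegistryEvent (value set)
            continue
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            technique = "T1547.001"
        elif SERVICE_KEY_RE.search(target):
            technique = "T1543.003"
        else:
            continue
        findings.append(Finding(technique, ev.get("Image", ""), target, ev.get("Details", "")))
    return findings


def technique_counts(findings):
    """Per-technique hit counts, the same shape as the report's ATT&CK table."""
    return dict(Counter(f.technique for f in findings))


if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for f in hits:
        print(f"{f.technique}  {f.image}  ->  {f.target}  =  {f.details}")
    print(technique_counts(hits))
```

Run as-is it prints the two constructed hits and the counts `{'T1547.001': 1, 'T1543.003': 1}`. In production the same two regexes can be applied to the TargetObject field of live Sysmon Event ID 13 records; an allow-list for known installers and update agents is needed to keep the Run-key rule from firing on every legitimate setup.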