General
- Target: 676652260c5a7b3f91e62fad024591f25a6a4f1921b4e733a61531af7a65c8c5
- Size: 694KB
- Sample: 241104-rnbtpszqaz
- MD5: dd82661f8811a0a29e4119c52785b170
- SHA1: 93bae63e3c70bc5a7b35de705f8d6583e70ec0b4
- SHA256: 676652260c5a7b3f91e62fad024591f25a6a4f1921b4e733a61531af7a65c8c5
- SHA512: 69c9dfd1aabc212c18c39d2985c088ad5ad4f3bdf18dee621eb87ba5a810f55c1f0e7e7763f982265d8536232a03d424c4b1388904a514e9e4102ac7fefa52ed
- SSDEEP: 12288:Ny90ckYNAZPisgg1wnjBenoxGX/Z3BWw6FG18bPKhA+MSHN5iy:Ny/klPvgg1iBn0PZ3L6FG18bPyhNUy
Static task: static1
Behavioral task: behavioral1
- Sample: 676652260c5a7b3f91e62fad024591f25a6a4f1921b4e733a61531af7a65c8c5.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 676652260c5a7b3f91e62fad024591f25a6a4f1921b4e733a61531af7a65c8c5
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)