General
- Target: 9e64f799a8a8be104f37600c7ae6489261a0b6e89b2ecf35cd6b74328da30ee6
- Size: 705KB
- Sample: 241111-b5apzazfja
- MD5: 9c67db527642254955403eb91262639f
- SHA1: fb0c3ee22e52e0e263bd9db74b97f5f1f61a22ae
- SHA256: 9e64f799a8a8be104f37600c7ae6489261a0b6e89b2ecf35cd6b74328da30ee6
- SHA512: 245f2ee1d88a840deb114dd85c60c3a71ffdd48444be10739715ec9528225fa8c804aabccd380edbdced6ea913418be2f70780b3f00da9d48ab3a5bb07f89c05
- SSDEEP: 12288:py90jIE/1N0blWvIDJ1CHqI3AodPcJR8RSJc8BZTqwrGJY8c0VYZAwVmJ5:py8IE/+q0XCHJiR8R8lrGTci0M5
Static task
- static1
Behavioral task
- behavioral1
- Sample: 9e64f799a8a8be104f37600c7ae6489261a0b6e89b2ecf35cd6b74328da30ee6.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 9e64f799a8a8be104f37600c7ae6489261a0b6e89b2ecf35cd6b74328da30ee6
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)