General
Target: c4a5f2435c64c859037b3e8dde5f8c9b838f52ccdc90cefaa121d028c95060ab.exe
Size: 624KB
Sample: 241118-m6crhazpbj
MD5: e529caefd9b418be618d1ebaf05a29c2
SHA1: c23159abf81062b7ac7ea7e6af8630e0e982c6b8
SHA256: c4a5f2435c64c859037b3e8dde5f8c9b838f52ccdc90cefaa121d028c95060ab
SHA512: a7143cf54ce66eae63eea4957dbc639688b5b1e73715dbc414028406943ca9fb1e22b4bef45b3a6ae9d0b0e16d152ee9030a1283047cddb38761fcd8d1bfbf2f
SSDEEP: 12288:zy90WvYvAREFopANElSawz3ObIHg7tRE+M68k161qWN+4lb:zyF0ARQNElezQygzy6f61qWNFb
Static task: static1
Behavioral task: behavioral1
Sample: c4a5f2435c64c859037b3e8dde5f8c9b838f52ccdc90cefaa121d028c95060ab.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: c4a5f2435c64c859037b3e8dde5f8c9b838f52ccdc90cefaa121d028c95060ab.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
- Create or Modify System Process: Windows Service