General
Target: 2c78dee597735abfa9f35559c6dc73757d059bdde3f30e78460da1ed88a48c16.exe
Size: 768KB
Sample: 241118-m7nv6avmhs
MD5: caec31dd142a8fe873bbf29e2ead9c89
SHA1: cde93ea7908376dde12f013d93c450a03f76b97c
SHA256: 2c78dee597735abfa9f35559c6dc73757d059bdde3f30e78460da1ed88a48c16
SHA512: 54119688535e47295483a9878debea4de0327e48da9534222e917c49e726067516c1b18d86e4fc0308fb1fa3d4f521249cf217f6c0c51f8bc0af4ff12c291920
SSDEEP: 24576:QyGStthdm65OJ9B//6exORisFHlZPYMNdfy8FZ:XDDm6YrBH6exxs/ZPYky87
Static task: static1
Behavioral task: behavioral1
Sample: 2c78dee597735abfa9f35559c6dc73757d059bdde3f30e78460da1ed88a48c16.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 2c78dee597735abfa9f35559c6dc73757d059bdde3f30e78460da1ed88a48c16.exe
Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)