General
-
Target
87738e507c0ca84445bf53f33140b0f1f9f1de5f44897fe29f93bd1003e0420c.exe
-
Size
470KB
-
Sample
241118-n23msswerq
-
MD5
a81b2e2bdf7a69eef116805c27b70381
-
SHA1
306dd08513fc155223624fbf6db2811c710501a1
-
SHA256
87738e507c0ca84445bf53f33140b0f1f9f1de5f44897fe29f93bd1003e0420c
-
SHA512
ef3cb5222ab8aa91275567f92ca2ca7fc122717de7149517505ac04d47a3ad3a323636b7305e5182080a987720dcef15c2634c445e7f49aa34588d83264aa1b4
-
SSDEEP
6144:5Tp0yN90QEeVBlC7RNuTaR4rBqUUhK6Wv5WqGOdMnRvBUUxac1gmtbER3fdtfxOD:Uy90GBlCjZ4rohivtMn4sbEh3nnq
Malware Config
Targets
-
-
Target
87738e507c0ca84445bf53f33140b0f1f9f1de5f44897fe29f93bd1003e0420c.exe
-
Size
470KB
-
MD5
a81b2e2bdf7a69eef116805c27b70381
-
SHA1
306dd08513fc155223624fbf6db2811c710501a1
-
SHA256
87738e507c0ca84445bf53f33140b0f1f9f1de5f44897fe29f93bd1003e0420c
-
SHA512
ef3cb5222ab8aa91275567f92ca2ca7fc122717de7149517505ac04d47a3ad3a323636b7305e5182080a987720dcef15c2634c445e7f49aa34588d83264aa1b4
-
SSDEEP
6144:5Tp0yN90QEeVBlC7RNuTaR4rBqUUhK6Wv5WqGOdMnRvBUUxac1gmtbER3fdtfxOD:Uy90GBlCjZ4rohivtMn4sbEh3nnq
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1