General
-
Target
8e9626399113d0d90a8f19b29cb3b9379e25454e3394b0a4b2139e760cf4b25aN.exe
-
Size
470KB
-
Sample
241118-sdrylsymgy
-
MD5
3e9cc53131393549a6a4eb2725e80d30
-
SHA1
ac8e692cfe7941a8a25294337d18e10e3905f1c7
-
SHA256
8e9626399113d0d90a8f19b29cb3b9379e25454e3394b0a4b2139e760cf4b25a
-
SHA512
2545c1af3afffeb9031c7b7ce33e5ea3c44a4309bfa1c24296bd9700df69a92ce3c61ed677471b955ec5e9d17728a2dcf149dc2e4a411c047ccf30d1fb95fbb1
-
SSDEEP
12288:7y90sUXZL7vunYpNcex2KbRng76RlwsimVG3l:7y67vuYpNv2MJgcuRj1
Malware Config
Targets
-
-
Target
8e9626399113d0d90a8f19b29cb3b9379e25454e3394b0a4b2139e760cf4b25aN.exe
-
Size
470KB
-
MD5
3e9cc53131393549a6a4eb2725e80d30
-
SHA1
ac8e692cfe7941a8a25294337d18e10e3905f1c7
-
SHA256
8e9626399113d0d90a8f19b29cb3b9379e25454e3394b0a4b2139e760cf4b25a
-
SHA512
2545c1af3afffeb9031c7b7ce33e5ea3c44a4309bfa1c24296bd9700df69a92ce3c61ed677471b955ec5e9d17728a2dcf149dc2e4a411c047ccf30d1fb95fbb1
-
SSDEEP
12288:7y90sUXZL7vunYpNcex2KbRng76RlwsimVG3l:7y67vuYpNv2MJgcuRj1
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1