General
- Target: 9c583d34e10d03a8f54fc27c256ccab7620234286295a8d587149987b19dede5N.exe
- Size: 414KB
- Sample: 241118-tnvypa1apq
- MD5: 266e4964381bd072b1876d7b7c6380d0
- SHA1: 187cd84aea4a6a0e27aa903649d9ecb5f1bd340a
- SHA256: 9c583d34e10d03a8f54fc27c256ccab7620234286295a8d587149987b19dede5
- SHA512: 4af600453c1340cb92bfa936b6c08ade62ecfd7e4fb3e62a3a510db62899f58d1f952bc0e2cfe9d9ef2e8c6dc2c42fa1d7b6910a8e82cc6d00b518e2cf63d650
- SSDEEP: 6144:CVp0yN90QEZLSaAHHk7Q/UZgYp7PUvuhUACyajfEphyssapi1Rl:Ry90jLD4O1z4/djfCossapiJ
Static task: static1
Behavioral task: behavioral1
- Sample: 9c583d34e10d03a8f54fc27c256ccab7620234286295a8d587149987b19dede5N.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)