General
Target: 854648915f31bda671f540f3001c6a3ca69857040c91a234fce953317223a922.exe
Size: 607KB
Sample: 241118-xkswpssngw
MD5: b08b359458b7464dd97cd2607f3c4cc6
SHA1: 1e607ebbe31f030775a3847c6c425077d739465d
SHA256: 854648915f31bda671f540f3001c6a3ca69857040c91a234fce953317223a922
SHA512: 95fb18486a97e924f592dac6331fb8396b163b241d6b52f825c8ab8ef275cc2336a766653423b0e59ef7fdc748a045a18c63ad579d4834640451088840d4a800
SSDEEP: 12288:fy904oAhaw4rYwBxHUeqeBNeHFBmq9qdPPuMR0xqXVe:fywvw43BxHHqeBN4HBgdXuQ0kVe
Static task: static1
Behavioral task: behavioral1
Sample: 854648915f31bda671f540f3001c6a3ca69857040c91a234fce953317223a922.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 854648915f31bda671f540f3001c6a3ca69857040c91a234fce953317223a922.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)