General
Target: 93775ab417c3cc64eb09042cadc122265323c7daf4ea9bb283a75a6258b372a4N.exe
Size: 470KB
Sample: 241118-xn8fkatclm
MD5: 7638f80d7dec5f6cd64a1727f701a670
SHA1: e7a75804f0ee60b0f9c8fdfbe69c5b1c4d3be09c
SHA256: 93775ab417c3cc64eb09042cadc122265323c7daf4ea9bb283a75a6258b372a4
SHA512: 1365886c5adfd236bb26f5ab0bbf97eda95aaaefc54810e85af598908f50ae722c19f4b7385965e7a2f004392671bec74905af41782923e5c23aefd0d32e4f7c
SSDEEP: 6144:R4p0yN90QENj3Yl0+oXxsm71N7ogUNLOGdbaQbayckk1748GVdOyDa2/QaF7N:ny90nj3HHN7ogUN7dbRJg74RGcaUN
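Before analysing a copy of this sample, confirm that what you acquired is the file the report describes. The following is an added example, not part of the sandbox report: it recomputes the four digests listed under General (the values are copied from the page; the local file path is an assumption) and also checks that the filename embeds the SHA256, as the report's target name does. SSDEEP is not in hashlib and is left out; use the ssdeep package for the fuzzy hash.

```python
"""Verify that a locally acquired sample matches the hashes in the report.

Added example, not part of the sandbox report. The hash values below are
copied from the General section; the file path is an assumption.
"""
import hashlib
from pathlib import Path

# Indicators copied from the report (General section).
REPORT_HASHES = {
    "md5": "7638f80d7dec5f6cd64a1727f701a670",
    "sha1": "e7a75804f0ee60b0f9c8fdfbe69c5b1c4d3be09c",
    "sha256": "93775ab417c3cc64eb09042cadc122265323c7daf4ea9bb283a75a6258b372a4",
    "sha512": (
        "1365886c5adfd236bb26f5ab0bbf97eda95aaaefc54810e85af598908f50ae72"
        "2c19f4b7385965e7a2f004392671bec74905af41782923e5c23aefd0d32e4f7c"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute all four digests the report lists for an in-memory buffer."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_digests(path) -> dict:
    """Same as digests(), but streamed so a large sample need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(computed: dict, expected: dict) -> dict:
    """Per-algorithm match result; hex comparison is case-insensitive.
    SHA256/SHA512 are the authoritative matches; MD5 and SHA1 are kept only
    because the report lists them."""
    return {
        name: computed.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def name_matches_sha256(filename: str, sha256: str) -> bool:
    """The report's target name is the SHA256 followed by a suffix ('N.exe');
    a cheap sanity check before hashing."""
    return Path(filename).name.lower().startswith(sha256.lower())


def verify_sample(path, expected: dict = REPORT_HASHES) -> dict:
    """Hash the file at `path` (assumed local copy) and compare with the report."""
    results = compare(file_digests(path), expected)
    results["filename"] = name_matches_sha256(str(path), expected["sha256"])
    return results


if __name__ == "__main__":
    import sys

    outcome = verify_sample(sys.argv[1])  # path to the acquired sample (assumed)
    for name, ok in outcome.items():
        print(f"{name:8s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(outcome.values()) else 1)
```

Run it as `python verify.py <sample path>`; a non-zero exit means at least one digest (or the filename) does not match and the copy should not be treated as this sample.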
Static task: static1
Behavioral task: behavioral1
Sample: 93775ab417c3cc64eb09042cadc122265323c7daf4ea9bb283a75a6258b372a4N.exe
Resource: win10v2004-20241007-en
Malware Config

Targets
Target: 93775ab417c3cc64eb09042cadc122265323c7daf4ea9bb283a75a6258b372a4N.exe (470KB; hashes as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine. RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15 (number of matched signatures per technique)
Persistence (TA0003)
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
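The report maps the sample's Run-key write to T1547.001 but does not show which key or value name was used, so a detection has to cover the Run/RunOnce keys generically. The following is an added example, not from the report or the sandbox vendor: a pass over registry value-set events in the shape of Sysmon Event ID 13 records that flags Run-key writes and raises severity when the autorun target or the writing process lives in a user-writable directory. The events, paths, value names and SID are constructed for illustration and do not describe this sample's actual behaviour.

```python
"""Flag registry value writes to Run/RunOnce keys (ATT&CK T1547.001).

Added example, not from the sandbox report. Events are constructed to look
like Sysmon Event ID 13 (RegistryEvent: Value Set) records; paths, value
names and the SID are invented for illustration.
"""
import re
from typing import Optional

# HKCU is reported by Sysmon as HKU\<user SID>; also cover the WOW6432Node view.
RUN_KEY_RE = re.compile(
    r"^(?:HKLM|HKU\\S-1-5-21-[\d-]+)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Locations an unprivileged user can write to. An autorun pointing here is far
# more suspicious than one pointing into Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\AppData|Users\\[^\\]+\\Downloads|Windows\\Temp|ProgramData)\\",
    re.IGNORECASE,
)


def classify(event: dict) -> Optional[dict]:
    """Return an alert dict for a Run-key value write, or None for anything else."""
    if event.get("EventID") != 13:          # only value-set events carry the command
        return None
    m = RUN_KEY_RE.match(event.get("TargetObject", ""))
    if not m:
        return None
    command = event.get("Details", "").strip('"')   # Details holds the written value
    writer = event.get("Image", "")                 # process that performed the write
    suspicious = bool(USER_WRITABLE_RE.search(command) or USER_WRITABLE_RE.search(writer))
    return {
        "technique": "T1547.001",
        "severity": "high" if suspicious else "medium",
        "value_name": m.group("value"),
        "command": command,
        "writer": writer,
    }


def scan(events) -> list:
    """Apply classify() to a sequence of events and keep only the alerts."""
    return [alert for alert in (classify(e) for e in events) if alert]


# Constructed sample events (not taken from the report).
SAMPLE_EVENTS = [
    # A binary dropped into %TEMP% registers an autorun under the user's Run key.
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    # Unrelated registry write: a service start type, not a Run key.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\Start",
     "Details": "DWORD (0x00000002)"},
    # An installer registering a tray application from Program Files.
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\tray.exe"'},
    # Key creation (Event ID 12) carries no value; ignored by this rule.
    {"EventID": 12, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] {alert['technique']} {alert['value_name']} -> {alert['command']} (written by {alert['writer']})")
```

Only the first and third constructed events produce alerts: the %TEMP%-dropped writer pointing the autorun at AppData is rated high, the Program Files installer medium. The service start-type write is outside this rule; a T1543.003 rule would watch the Services key separately.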