General
Target: 68ddb9646dd820d2cdc11bbe112c9fead8e2df69136ee7034fc48660243f0c9dN.exe
Size: 610KB
Sample: 241118-yb51catlbt
MD5: 7a8774a4f986172ffc7fe6ee10b4d240
SHA1: 5298c2ff830e8a314880b0710389effc59b7103d
SHA256: 68ddb9646dd820d2cdc11bbe112c9fead8e2df69136ee7034fc48660243f0c9d
SHA512: f2bd88adedbba60ca933c65f081837ae5aa95e12edfdb341f9c052e87648e604f54fe7254081fbcbd4af97fc05d671d2d59129455013e8f917852c8c27576e13
SSDEEP: 12288:sy90jMT4oISsovRsmxnVTigenKQFGUbZJghkaRC6y:sy+7oCoWCwKWGirg3Ny
Static task: static1
Behavioral task: behavioral1
Sample: 68ddb9646dd820d2cdc11bbe112c9fead8e2df69136ee7034fc48660243f0c9dN.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)