General
- Target: 3bb38a8c057831bec9b600394c21f1d63b10acd8710ed871a97aa83df2eb8c55.exe
- Size: 610KB
- Sample: 241118-zkhrvavhkm
- MD5: bd270f792c9cf0c78914dd6955fc315b
- SHA1: 9c8e546a2247a4a3f7efb45445ff38f3c528927f
- SHA256: 3bb38a8c057831bec9b600394c21f1d63b10acd8710ed871a97aa83df2eb8c55
- SHA512: efa095838eb0f64aa51e87a78147e2d9127298f461a8c41cc786e73ba95e1531927d292875004815db99c0c5a4acb75560b112f8b333dfdf8f92b250dcec6e08
- SSDEEP: 12288:Ly90NFIV7gp2mU9U+yTtXE1gbZJgEnaR4ETl7:LyKp2dyTd5rgbBB7
Static task: static1
Behavioral task: behavioral1
- Sample: 3bb38a8c057831bec9b600394c21f1d63b10acd8710ed871a97aa83df2eb8c55.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 3bb38a8c057831bec9b600394c21f1d63b10acd8710ed871a97aa83df2eb8c55.exe
- Size: 610KB
- MD5: bd270f792c9cf0c78914dd6955fc315b
- SHA1: 9c8e546a2247a4a3f7efb45445ff38f3c528927f
- SHA256: 3bb38a8c057831bec9b600394c21f1d63b10acd8710ed871a97aa83df2eb8c55
- SHA512: efa095838eb0f64aa51e87a78147e2d9127298f461a8c41cc786e73ba95e1531927d292875004815db99c0c5a4acb75560b112f8b333dfdf8f92b250dcec6e08
- SSDEEP: 12288:Ly90NFIV7gp2mU9U+yTtXE1gbZJgEnaR4ETl7:LyKp2dyTd5rgbBB7
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)