General
Target: 69bcfd8038f97005160067be82cbe082e025fed2351d524d9dd6a8cab352def8N.exe
Size: 762KB
Sample: 241119-127b7stmdw
MD5: 39c38668271615a14189bc56e2f3bc30
SHA1: 9aaa7ccd0c5ec07d188e9417d22393953e9cc4be
SHA256: 69bcfd8038f97005160067be82cbe082e025fed2351d524d9dd6a8cab352def8
SHA512: f031bd8d6d2189f147c8971e9397cb818b2a4eeadfa991885ffca607d1b1f0c93eb8efe57b1c226b0632c1c76aa0f76f250608fecce2a944d3b3425cc058166e
SSDEEP: 12288:Jy90/qjyGppsWA338zK0Kvw+AnPkkKwMh78mqmqAPLuM7cx0Z90LQ:JyOyjTq8W25P6wMhgB9AjuucCv

Static task: static1
Behavioral task: behavioral1
Sample: 69bcfd8038f97005160067be82cbe082e025fed2351d524d9dd6a8cab352def8N.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 69bcfd8038f97005160067be82cbe082e025fed2351d524d9dd6a8cab352def8N.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)