General
-
Target
f2a78419277e53e91f10a489b46781855c8cf5a5641725e968c06e506d0c44e8N.exe
-
Size
624KB
-
Sample
241119-18aa2stenf
-
MD5
a8a5492f231c1e544fb8cded30d61140
-
SHA1
3ffb17c2b0c2516801613fb6a7af49d216a900c9
-
SHA256
f2a78419277e53e91f10a489b46781855c8cf5a5641725e968c06e506d0c44e8
-
SHA512
5674b603ae6e0be1f225df8ed520ea976dfd58746d6d94bd23833e9aff2d15475b6c2ebfb45eea90f976226c33b9456e4bf100c3d2f84b0635ac48c96f5173fe
-
SSDEEP
12288:6y90LhZ/1s9trH2fdSPt5I/eabGUg7pRfp7JKT77dyk9svE:6ysbK9trHcdgQ2cZgfvKTx9l
Malware Config
Targets
-
-
Target
f2a78419277e53e91f10a489b46781855c8cf5a5641725e968c06e506d0c44e8N.exe
-
Size
624KB
-
MD5
a8a5492f231c1e544fb8cded30d61140
-
SHA1
3ffb17c2b0c2516801613fb6a7af49d216a900c9
-
SHA256
f2a78419277e53e91f10a489b46781855c8cf5a5641725e968c06e506d0c44e8
-
SHA512
5674b603ae6e0be1f225df8ed520ea976dfd58746d6d94bd23833e9aff2d15475b6c2ebfb45eea90f976226c33b9456e4bf100c3d2f84b0635ac48c96f5173fe
-
SSDEEP
12288:6y90LhZ/1s9trH2fdSPt5I/eabGUg7pRfp7JKT77dyk9svE:6ysbK9trHcdgQ2cZgfvKTx9l
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1