General
-
Target
ef937da6845f00661aaeb1c82c713540b6f4bf014561f2cac2c3ce11195f41c7.exe
-
Size
761KB
-
Sample
241119-1z13eatlgy
-
MD5
b9c07cad096f96ed7c79720f7c071119
-
SHA1
bb2a78d895674e1737aa5dbd57394bcf9686196e
-
SHA256
ef937da6845f00661aaeb1c82c713540b6f4bf014561f2cac2c3ce11195f41c7
-
SHA512
59db0b2c40314f65b89b89a6ead3523e2c0673e9d739c7e502164a739b4acace9e3fd643e6b95b4809540e6f8935e79e459928f594a79a34b7c438138717a606
-
SSDEEP
12288:Uy90d89P603MMihR/1aikHYUeTLDnvHFYmqIqMPJuM+CZeKlmbwox:UyYDhR/9kHYHjfiBHMhubC8Klmbwox
Malware Config
Targets
-
-
Target
ef937da6845f00661aaeb1c82c713540b6f4bf014561f2cac2c3ce11195f41c7.exe
-
Size
761KB
-
MD5
b9c07cad096f96ed7c79720f7c071119
-
SHA1
bb2a78d895674e1737aa5dbd57394bcf9686196e
-
SHA256
ef937da6845f00661aaeb1c82c713540b6f4bf014561f2cac2c3ce11195f41c7
-
SHA512
59db0b2c40314f65b89b89a6ead3523e2c0673e9d739c7e502164a739b4acace9e3fd643e6b95b4809540e6f8935e79e459928f594a79a34b7c438138717a606
-
SSDEEP
12288:Uy90d89P603MMihR/1aikHYUeTLDnvHFYmqIqMPJuM+CZeKlmbwox:UyYDhR/9kHYHjfiBHMhubC8Klmbwox
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1