General
-
Target
969ee783e350f544386a1f9756ec3d5aa971f45901dfa970272a185017f3990c.exe
-
Size
405KB
-
Sample
241119-fnyspazgrg
-
MD5
ba6efb82b025c24e946fc98242ba27cb
-
SHA1
93774935e54c427211d142bb968947ccd4ef926c
-
SHA256
969ee783e350f544386a1f9756ec3d5aa971f45901dfa970272a185017f3990c
-
SHA512
aeb58c4fb2338047af35d3c96cc3ea5dfe8d2a7afe6b4ea08ba8bb08f776e9d08a05c2ee33065cc534cb94a79ad31f797fcfe72827ac6b0ebdfa5c2396f8ea11
-
SSDEEP
6144:2Wp0yN90QE5GT0aHxzu3sUoHc6x06HeEcxuwmwQk1RoFeZX/q2YVF:Ky90P3Jb6ueeEcY/kzEF
Static task
static1
Behavioral task
behavioral1
Sample
969ee783e350f544386a1f9756ec3d5aa971f45901dfa970272a185017f3990c.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)