General

Target: 5133c72b126ee1a0cde662582b1d64de1318adc8ea8b269c05e50d9a21bf4d4aN.exe
Size: 931KB
Sample: 241119-j9ll2asldw
MD5: ec29f8f17396692617d98b9c59b2fc70
SHA1: 6f07033036d41a0c36320588a01f1f5f9c61e093
SHA256: 5133c72b126ee1a0cde662582b1d64de1318adc8ea8b269c05e50d9a21bf4d4a
SHA512: e9c8f65fc919332652f5b455f42b018df7a5030fb87e5c9060c8f4de9ce64a4362ca3c14ee0ab01ffd72c4e2e07077c61bc25952bea46b0e4e78948b5fd8509a
SSDEEP: 24576:lyOWcp/bklaVRdmt+5ajThH3qNJDqquyDWBZZg:AfksUDap3qNJDqqTDWB
Static task: static1
Behavioral task: behavioral1
Sample: 5133c72b126ee1a0cde662582b1d64de1318adc8ea8b269c05e50d9a21bf4d4aN.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 5133c72b126ee1a0cde662582b1d64de1318adc8ea8b269c05e50d9a21bf4d4aN.exe
Size: 931KB
MD5: ec29f8f17396692617d98b9c59b2fc70
SHA1: 6f07033036d41a0c36320588a01f1f5f9c61e093
SHA256: 5133c72b126ee1a0cde662582b1d64de1318adc8ea8b269c05e50d9a21bf4d4a
SHA512: e9c8f65fc919332652f5b455f42b018df7a5030fb87e5c9060c8f4de9ce64a4362ca3c14ee0ab01ffd72c4e2e07077c61bc25952bea46b0e4e78948b5fd8509a
SSDEEP: 24576:lyOWcp/bklaVRdmt+5ajThH3qNJDqquyDWBZZg:AfksUDap3qNJDqqTDWB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)