General
- Target: 007b4662b14079159ab4414cc3fc264160dc6c320d5495a1d46805af3f55c54d.exe
- Size: 806KB
- Sample: 241119-je7k1s1hjh
- MD5: a3cec5c6efc2dbd7b8c287b14e4f05cc
- SHA1: fc1e49c9738003eb96cbf0b756e563ffafefc008
- SHA256: 007b4662b14079159ab4414cc3fc264160dc6c320d5495a1d46805af3f55c54d
- SHA512: b67ef7988731fcaa8c2e6d48767836094ee7d77bfb7bf1cbab8f49114c0f30e0623a22aa364b8e9268e15588c9deee0eb2bc4140ec77ee8c1913f33c480530cd
- SSDEEP: 12288:ey90WSsXuCVyMgRh+sFyHbswglbRBT9N2rz8bxdnlj9uadVqOWYl5z8rt:eyBXuCVGM2y7Tg/Z9QrQ9uaCOLmrt
Static task: static1
Behavioral task: behavioral1
- Sample: 007b4662b14079159ab4414cc3fc264160dc6c320d5495a1d46805af3f55c54d.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)