General
Target: 4cb2599774a521938073e58183815fa52069615631548bb82d00e619b1e7f5d3N.exe
Size: 763KB
Sample: 241119-kbh9patbkl
MD5: ad0fe4ff065ce228924eb057bb893030
SHA1: c6b212a00e62f2c5f4cb10c57f6bc5ada150701b
SHA256: 4cb2599774a521938073e58183815fa52069615631548bb82d00e619b1e7f5d3
SHA512: 47df0d06f79c2c39ce6d29a2a3ba7c796a805df489e4206414d05ac69d889c2886fcb7c428e2489036aa12f75053daf0abb6011b5e199f5d4869fd0a5c694d96
SSDEEP: 12288:Ky90B+JwEJLJlB9ypuiq6HGkZ9xnIGqxuYAC7MD8Mh58OqijcX:KyFJLJlz6Bqi3GOYAC7w8SO
Static task: static1
Behavioral task: behavioral1
Sample: 4cb2599774a521938073e58183815fa52069615631548bb82d00e619b1e7f5d3N.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 4cb2599774a521938073e58183815fa52069615631548bb82d00e619b1e7f5d3N.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)