General
Target: c094f3c19385e31890b0ab6ad180d5bfb9fc81f516e67cc213418be978b9ea69.exe
Size: 623KB
Sample: 241119-kdlgtssdqa
MD5: 497dfa0bd9e0757b9fc4d2d701f5caf8
SHA1: 049acc81b6927a9171488f556b9f5de844dacd95
SHA256: c094f3c19385e31890b0ab6ad180d5bfb9fc81f516e67cc213418be978b9ea69
SHA512: 266a94708da67d6dfc53d074db77ef8b5488a1dbe58f7d1a036e51e4dd0217cb913396d9e259715c34a1cc36431b434b9efe537412030df6029ebe4254ceae97
SSDEEP: 12288:Cy90rMOIgpq6ysYjVvW+i2v+EO16FoZFAp+9A:Cy252T+EBoZFAp+9A
Static task: static1
Behavioral task: behavioral1
Sample: c094f3c19385e31890b0ab6ad180d5bfb9fc81f516e67cc213418be978b9ea69.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)