General
Target: 2b1d131eb7dcba0ed1f100b5f0cce10d1f0c91a6034b1f5832067adcac06f1dcN.exe
Size: 807KB
Sample: 241119-kt64gaspdw
MD5: ab3a70c0eff85d2e4f83ed75766c2160
SHA1: 9f41903a01c76bccec5e4e197764e36db6ff1d7e
SHA256: 2b1d131eb7dcba0ed1f100b5f0cce10d1f0c91a6034b1f5832067adcac06f1dc
SHA512: 73fc154e15b8f141b325ab8290dacb05e6675f24da2792cf0b542a6afa5298f42a2066012d571f1e24401694dcb1fbe3a703abb1ae08e7908dff0918c6f5855e
SSDEEP: 12288:iy908K/t9Q2YCLImF5iI80bzBg7+Rn9Ka1v+ywwXXAHF1dHELLm:iy32rLImFkI7lgg9dXwWXAl1iLi
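Before working on a copy of this sample, confirm that what you downloaded is the file the report describes. The script below is an added example, not part of the sandbox report: it copies the MD5, SHA1, SHA256 and SHA512 values from this page into a REPORT table, hashes a file (or in-memory bytes) with all four algorithms in one pass, compares case-insensitively, and checks the page's naming convention (the target name is the SHA256 followed by "N.exe"). The bytes hashed in demo() are a constructed placeholder, not the real sample; the SSDEEP value is not compared, since fuzzy matching needs the ssdeep library.

```python
"""Check a retrieved sample against the hashes listed in this report.

Added example, not part of the sandbox report. REPORT copies the
identifiers from the page; the bytes hashed in demo() are a CONSTRUCTED
placeholder (the real 807KB sample is not reproduced here).
"""
import hashlib
import os

ALGS = ("md5", "sha1", "sha256", "sha512")

REPORT = {
    "target": "2b1d131eb7dcba0ed1f100b5f0cce10d1f0c91a6034b1f5832067adcac06f1dcN.exe",
    "md5": "ab3a70c0eff85d2e4f83ed75766c2160",
    "sha1": "9f41903a01c76bccec5e4e197764e36db6ff1d7e",
    "sha256": "2b1d131eb7dcba0ed1f100b5f0cce10d1f0c91a6034b1f5832067adcac06f1dc",
    "sha512": "73fc154e15b8f141b325ab8290dacb05e6675f24da2792cf0b542a6afa5298f42a2066012d571f1e24401694dcb1fbe3a703abb1ae08e7908dff0918c6f5855e",
}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers in a single pass."""
    hashers = {alg: hashlib.new(alg) for alg in ALGS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify(digests: dict, report: dict = REPORT) -> dict:
    """Per-algorithm match; case-insensitive because tools differ in hex case."""
    return {alg: digests[alg].lower() == report[alg].lower() for alg in ALGS}


def is_confirmed(digests: dict, report: dict = REPORT) -> bool:
    """Treat the sample as confirmed only when every listed digest matches."""
    return all(verify(digests, report).values())


def name_matches_sha256(filename: str, sha256: str) -> bool:
    """On this page the target name is its SHA-256 followed by 'N.exe'."""
    stem = os.path.splitext(os.path.basename(filename))[0].lower()
    return stem.startswith(sha256.lower())


def demo() -> dict:
    """Hash a CONSTRUCTED stand-in; every comparison fails, as it should."""
    fake_sample = b"MZ" + b"\x00" * 62  # DOS-header-shaped blob, not the real sample
    return verify(hash_bytes(fake_sample))


if __name__ == "__main__":
    # Usage on a real file: is_confirmed(hash_file("path/to/sample.exe"))
    print(demo())
```

Requiring all four digests to match is deliberate: a mismatch on any one of them means you have a different file (or a corrupted download), and an MD5-only check gives an attacker room to substitute a colliding binary.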
Static task: static1
Behavioral task: behavioral1
Sample: 2b1d131eb7dcba0ed1f100b5f0cce10d1f0c91a6034b1f5832067adcac06f1dcN.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 2b1d131eb7dcba0ed1f100b5f0cce10d1f0c91a6034b1f5832067adcac06f1dcN.exe (807KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
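The two persistence behaviours above (a Run key pointing at a dropped executable, and a service ImagePath) are what a detection engineer would want to catch on an endpoint rather than only in a sandbox. The script below is an added example, not part of this report: it correlates Sysmon-style events (Event ID 11 FileCreate, 13 RegistryEvent SetValue, 1 ProcessCreate) and flags Run-key or service entries whose target was just written to disk, was executed, or lives in a user-writable directory. The event records are constructed for illustration; the field names follow Sysmon's schema, but the paths, SIDs and values are invented.

```python
"""Flag Run-key / service persistence that points at a dropped executable.

Added example, not part of the sandbox report. EVENTS below are
CONSTRUCTED Sysmon-style records: field names follow Sysmon's schema
(EventID, Image, TargetFilename, TargetObject, Details); every path,
SID and value is invented for illustration.
"""
import re
from dataclasses import dataclass

# T1547.001: HKLM/HKCU/HKU ...\Software\Microsoft\Windows\CurrentVersion\Run[Once]\<name>
RUN_KEY_RE = re.compile(
    r"\\(Software\\)?Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)
# T1543.003: HKLM\SYSTEM\CurrentControlSet\Services\<svc>\ImagePath
SERVICE_IMAGE_RE = re.compile(
    r"\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE
)
# Locations a non-admin process can write to; Program Files / System32 are not listed.
USER_WRITABLE_RE = re.compile(
    r"^[A-Z]:\\(Users\\[^\\]+\\AppData\\|Windows\\Temp\\|ProgramData\\)", re.IGNORECASE
)


@dataclass
class Finding:
    technique: str
    registry_path: str
    target: str
    dropped: bool    # target was created by a FileCreate event in the same window
    executed: bool   # target was started by a ProcessCreate event


def extract_exe_path(value: str) -> str:
    """Pull the executable out of a registry value ("C:\\x y\\a.exe" /arg or C:\\a.exe)."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)", value, re.IGNORECASE)
    return m.group(1) if m else value


def analyse(events) -> list:
    """Map every autostart registry write to a technique and correlate it with file/process events."""
    dropped = {e["TargetFilename"].lower() for e in events if e["EventID"] == 11}
    executed = {e["Image"].lower() for e in events if e["EventID"] == 1}
    findings = []
    for e in events:
        if e["EventID"] != 13:
            continue
        obj = e["TargetObject"]
        if RUN_KEY_RE.search(obj):
            technique = "T1547.001 Registry Run Keys / Startup Folder"
        elif SERVICE_IMAGE_RE.search(obj):
            technique = "T1543.003 Windows Service"
        else:
            continue
        exe = extract_exe_path(e["Details"])
        findings.append(Finding(technique, obj, exe, exe.lower() in dropped, exe.lower() in executed))
    return findings


def suspicious(findings) -> list:
    """Keep autostart entries that point at a freshly dropped or user-writable binary."""
    return [f for f in findings if f.dropped or USER_WRITABLE_RE.match(f.target)]


# CONSTRUCTED events: a downloaded sample drops svc.exe to Temp, runs it, and
# registers it under the per-user Run key; two benign writes are included as noise.
EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\svc.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\svc.exe",
     "ParentImage": r"C:\Users\victim\Downloads\sample.exe"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r'"C:\Users\victim\AppData\Local\Temp\svc.exe"'},
    {"EventID": 13, "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler\ImagePath",
     "Details": r"C:\Windows\System32\spoolsv.exe"},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'},
]

if __name__ == "__main__":
    for f in suspicious(analyse(EVENTS)):
        print(f"{f.technique}: {f.registry_path} -> {f.target} "
              f"(dropped={f.dropped}, executed={f.executed})")
```

Only the Temp-resident svc.exe entry survives the filter: it was written and executed in the same window and sits under AppData. The Spooler and OneDrive writes match the same registry patterns but point at System32 and Program Files, which is why the user-writable-path condition, not the key pattern alone, carries the signal.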