General
- Target: 6a3546adce9034d6b3378af7299163f421e87917fd9586bbab21746c5b970d4a.exe
- Size: 609KB
- Sample: 241119-nj7h2avfmg
- MD5: 26e0ef29d843a97cf7bf224303fb49eb
- SHA1: fc25acaea4bd75afb3f1e2f172a929751df24f13
- SHA256: 6a3546adce9034d6b3378af7299163f421e87917fd9586bbab21746c5b970d4a
- SHA512: 8c84946c0adb9414b1366d8c068b940c57ddb927a80a3f7d8c3b0a5855ebea8adf3a53236bbad606433cd76d877669b19ab3f4415126efe3a49282952c368f90
- SSDEEP: 12288:uy90TSVYrEG7xKogINBxNrn6n6RbZJgt8aRzu47:uydigGtKoDNj06JrgLlu47

Static task: static1

Behavioral task: behavioral1
- Sample: 6a3546adce9034d6b3378af7299163f421e87917fd9586bbab21746c5b970d4a.exe
- Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: 6a3546adce9034d6b3378af7299163f421e87917fd9586bbab21746c5b970d4a.exe
- Size: 609KB
- MD5: 26e0ef29d843a97cf7bf224303fb49eb
- SHA1: fc25acaea4bd75afb3f1e2f172a929751df24f13
- SHA256: 6a3546adce9034d6b3378af7299163f421e87917fd9586bbab21746c5b970d4a
- SHA512: 8c84946c0adb9414b1366d8c068b940c57ddb927a80a3f7d8c3b0a5855ebea8adf3a53236bbad606433cd76d877669b19ab3f4415126efe3a49282952c368f90
- SSDEEP: 12288:uy90TSVYrEG7xKogINBxNrn6n6RbZJgt8aRzu47:uydigGtKoDNj06JrgLlu47
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)