General
-
Target
412a4bf1e0752d1625cca5471011f98775e31886e69fb13489f1acd7ded3c4c7.exe
-
Size
470KB
-
Sample
241119-q6qj5s1pfq
-
MD5
6e3fad4843c0b39f511023b4a14647ea
-
SHA1
dc8726c0904cca1661a45a37e6752b511866f0a0
-
SHA256
412a4bf1e0752d1625cca5471011f98775e31886e69fb13489f1acd7ded3c4c7
-
SHA512
224cc753867f8066d07ae56900767ee960396eef7e9317f9b0c6934e7f517f9b466bdb43527f5edca6bcee6b84fb15837a0202a07d6dd25ea286d164844e293c
-
SSDEEP
6144:r+p0yN90QEdL/NvpqOk1rYvu2ngMZ/d1/oT4h/qubUE5avU/p9xVZIp7B9sOQZ6a:7y90NpiQpvwT4hiuLsc/p9x942Mg
Static task
static1
Behavioral task
behavioral1
Sample
412a4bf1e0752d1625cca5471011f98775e31886e69fb13489f1acd7ded3c4c7.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1