General
Target: e04881b6f19bd05a004568cf95c26f3c19a884bec1131d1ff34fcd0d84b3649c.exe
Size: 558KB
Sample: 241119-r8pw3ayakj
MD5: 257db7f225ab5b90193176db6bc238e1
SHA1: bf0571787bb17a3b6319be98bbcea84c142398d0
SHA256: e04881b6f19bd05a004568cf95c26f3c19a884bec1131d1ff34fcd0d84b3649c
SHA512: 8ed018d14af4ce43dc912660d45d3ca375c75df41e1d67253c2f3fc7295d89544fb99c312fa1ebfdd92de9cb08b702e7bb2c925a9032d4c95ed3317091d3518d
SSDEEP: 12288:1y90xooU+DiTq9BplEAQDRSaix2BuVhV8dJ6IyN:1yGJUYie9Yt8McVEkN

Static task: static1
Behavioral task: behavioral1
Sample: e04881b6f19bd05a004568cf95c26f3c19a884bec1131d1ff34fcd0d84b3649c.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: e04881b6f19bd05a004568cf95c26f3c19a884bec1131d1ff34fcd0d84b3649c.exe (558KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Tactic: Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)