General
-
Target
4c7565763d278bbeb7401c196f9b7d0eb284e994f8192bbbfe96d1f860ee275cN.exe
-
Size
625KB
-
Sample
241119-rc586s1qfj
-
MD5
fe6dfc9b7f0750830b3a2099fc58e970
-
SHA1
fd0c217d4719955e86e6db0fb57080cbad96b221
-
SHA256
4c7565763d278bbeb7401c196f9b7d0eb284e994f8192bbbfe96d1f860ee275c
-
SHA512
e365a74ef795df3c09fe5f51e755775d517922860b9d5e0ee534ec200a41368fa57c11eaac9fc26f5917719fe5dd88a016311016b20a150a1c97e1d1ed14f887
-
SSDEEP
12288:Py90L2JRhmFXu4jdn6UgBpaullbahg7uRnQ2sD6jGSf:Pyq2jhiuQn6UgVltYgAQ2soR
Malware Config
Targets
-
-
Target
4c7565763d278bbeb7401c196f9b7d0eb284e994f8192bbbfe96d1f860ee275cN.exe
-
Size
625KB
-
MD5
fe6dfc9b7f0750830b3a2099fc58e970
-
SHA1
fd0c217d4719955e86e6db0fb57080cbad96b221
-
SHA256
4c7565763d278bbeb7401c196f9b7d0eb284e994f8192bbbfe96d1f860ee275c
-
SHA512
e365a74ef795df3c09fe5f51e755775d517922860b9d5e0ee534ec200a41368fa57c11eaac9fc26f5917719fe5dd88a016311016b20a150a1c97e1d1ed14f887
-
SSDEEP
12288:Py90L2JRhmFXu4jdn6UgBpaullbahg7uRnQ2sD6jGSf:Pyq2jhiuQn6UgVltYgAQ2soR
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1