General
-
Target
b043faf55ab98a11da02338a9b865442332707b8073a23b3f26761732477063cN.exe
-
Size
609KB
-
Sample
241119-v2verayene
-
MD5
8a68a86441d794ccb55e3d2c121e3750
-
SHA1
84cc4ec2ab5929358a4a0ede62935117ffa62540
-
SHA256
b043faf55ab98a11da02338a9b865442332707b8073a23b3f26761732477063c
-
SHA512
22a071f610a5134b318bbab4e2d9381ceddeae7ddc88767251acd946939153694250fbf7b6678eb05a511c25250c0151c9519c50a6a0af5cfe0bdfa7632cc99f
-
SSDEEP
12288:uy90TSVYrEG7xKogINBxNrn6n6RbZJgt8aRzu4:uydigGtKoDNj06JrgLlu4
Malware Config
Targets
-
-
Target
b043faf55ab98a11da02338a9b865442332707b8073a23b3f26761732477063cN.exe
-
Size
609KB
-
MD5
8a68a86441d794ccb55e3d2c121e3750
-
SHA1
84cc4ec2ab5929358a4a0ede62935117ffa62540
-
SHA256
b043faf55ab98a11da02338a9b865442332707b8073a23b3f26761732477063c
-
SHA512
22a071f610a5134b318bbab4e2d9381ceddeae7ddc88767251acd946939153694250fbf7b6678eb05a511c25250c0151c9519c50a6a0af5cfe0bdfa7632cc99f
-
SSDEEP
12288:uy90TSVYrEG7xKogINBxNrn6n6RbZJgt8aRzu4:uydigGtKoDNj06JrgLlu4
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1