General
Target: 44d68972df4630753f3e27965b944f6960dd00b14428ddd18e3f46f957cae73c.exe
Size: 624KB
Sample: 241119-v39k3aylgv
MD5: 3d68fe39774fac6b7ee61b87e452a6ae
SHA1: 6f69bb9a91c6862626bd4841b70651da8a849047
SHA256: 44d68972df4630753f3e27965b944f6960dd00b14428ddd18e3f46f957cae73c
SHA512: 496be64bd1703008b2b1ad03ab10fc880e46f83794ea46fa9d15715cc240a25ab9b3d773a5d4cd642b534e3fc515041d29709ab08f8e79a40adfe7e849f1161e
SSDEEP: 12288:Qy90CKnam4URoXbNH4njkCtakgq5BhumErGQldanwkHawSVfDR/:Qy0namvRoXbNYnjkCChmErG0tkfSdDR/
Static task: static1
Behavioral task: behavioral1
Sample: 44d68972df4630753f3e27965b944f6960dd00b14428ddd18e3f46f957cae73c.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 44d68972df4630753f3e27965b944f6960dd00b14428ddd18e3f46f957cae73c.exe
Size: 624KB
MD5: 3d68fe39774fac6b7ee61b87e452a6ae
SHA1: 6f69bb9a91c6862626bd4841b70651da8a849047
SHA256: 44d68972df4630753f3e27965b944f6960dd00b14428ddd18e3f46f957cae73c
SHA512: 496be64bd1703008b2b1ad03ab10fc880e46f83794ea46fa9d15715cc240a25ab9b3d773a5d4cd642b534e3fc515041d29709ab08f8e79a40adfe7e849f1161e
SSDEEP: 12288:Qy90CKnam4URoXbNH4njkCtakgq5BhumErGQldanwkHawSVfDR/:Qy0namvRoXbNYnjkCChmErG0tkfSdDR/
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)