General
Target: ef44088ce79862e332dd29a6679ad74044aaecf22c8f7c5b33277edaabacd18d.exe
Size: 625KB
Sample: 241119-vw81ysyele
MD5: e5bd202fa501eec87cb3e3b94af9a008
SHA1: 7fce5b93ea1cc7c5c20047955169e243dfe94026
SHA256: ef44088ce79862e332dd29a6679ad74044aaecf22c8f7c5b33277edaabacd18d
SHA512: 1d966f8edd905c132433213b4ce9dc89989c198a797bdf440499fb054c3ed85c8d56f9b404fc6b2f76d0335d1364d2b12928dabc3aaa4760f90ccee47fc34381
SSDEEP: 12288:ky90BoM9W0n9iVPKTF2CViOwoqYPvTehiuXZn/p9xHpsFyNg3og:kylsW0nMsTF2CVnwPeTuRt/hWFAg
Static task: static1
Behavioral task: behavioral1
Sample: ef44088ce79862e332dd29a6679ad74044aaecf22c8f7c5b33277edaabacd18d.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: ef44088ce79862e332dd29a6679ad74044aaecf22c8f7c5b33277edaabacd18d.exe (625KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General)
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)