General
-
Target
97e1e825f4564f97a45b1f740101eba7525ee36295416e6afa3649160f76f773N.exe
-
Size
414KB
-
Sample
241119-xkedbazeqg
-
MD5
83977eb06adc758ef49c776cf94c9610
-
SHA1
cc83a19450a32972c20d3f57bd73a096733f263a
-
SHA256
97e1e825f4564f97a45b1f740101eba7525ee36295416e6afa3649160f76f773
-
SHA512
cc615a815ddac2ee18bd5cc59baf8c883d88313ee57348d47ee65e86d94fda93f00ce6f4d65f5e72cf1a77e476b1d6bc4799bf6f119f7b66dec9cb3b55f60ae7
-
SSDEEP
6144:6jp0yN90QEESK/vzWh0x8oMz7PUvuhUACyyjfEpfxIZ:Ty901AvC0dwz4/tjfCc
Malware Config
Targets
-
-
Target
97e1e825f4564f97a45b1f740101eba7525ee36295416e6afa3649160f76f773N.exe
-
Size
414KB
-
MD5
83977eb06adc758ef49c776cf94c9610
-
SHA1
cc83a19450a32972c20d3f57bd73a096733f263a
-
SHA256
97e1e825f4564f97a45b1f740101eba7525ee36295416e6afa3649160f76f773
-
SHA512
cc615a815ddac2ee18bd5cc59baf8c883d88313ee57348d47ee65e86d94fda93f00ce6f4d65f5e72cf1a77e476b1d6bc4799bf6f119f7b66dec9cb3b55f60ae7
-
SSDEEP
6144:6jp0yN90QEESK/vzWh0x8oMz7PUvuhUACyyjfEpfxIZ:Ty901AvC0dwz4/tjfCc
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1