General
Target: 84404e5943d62f1b889733e28cd2921246e897b8fbdb11aee9f9a15f79ee95ad.exe
Size: 470KB
Sample: 241119-yeqd3a1cph
MD5: 47b52b7a30c163068651e8ea48b76fae
SHA1: c29ca2839462be0f727d90de2a4dee6bb56d777f
SHA256: 84404e5943d62f1b889733e28cd2921246e897b8fbdb11aee9f9a15f79ee95ad
SHA512: 51b00d6473659aab4e6fa84f802da2cfda7798d51c7ff16cde348521bed8000ee480624ee3f67415d38b1cc5e563009dbeff236c0f14012561877cc1b591a430
SSDEEP: 12288:7y90sUXZL7vunYpNcex2KbRng76RlwsimVG3lF:7y67vuYpNv2MJgcuRj1F
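Before detonating or sharing a sample it is worth recomputing the digests above and confirming the file really is the one the report describes (the target here is named after its own SHA256). The script below is an added example, not part of the report or of any tool it mentions: it reads the file once, feeds every chunk to all four hashers, compares the result with the digests listed above, and checks that the file name equals the SHA256. SSDEEP is left out because the Python standard library has no fuzzy-hash implementation.

```python
"""Recompute the four digests the report lists and check a sample against them.

Added example, not part of the sandbox report. EXPECTED holds the digests
from the report; the file is read once and fed to all hashers so a large
sample is not scanned four times.
"""
import hashlib
import io
import os

# Digests of the sample as listed in the report.
EXPECTED = {
    "md5": "47b52b7a30c163068651e8ea48b76fae",
    "sha1": "c29ca2839462be0f727d90de2a4dee6bb56d777f",
    "sha256": "84404e5943d62f1b889733e28cd2921246e897b8fbdb11aee9f9a15f79ee95ad",
    "sha512": "51b00d6473659aab4e6fa84f802da2cfda7798d51c7ff16cde348521bed8000ee480624ee3f67415d38b1cc5e563009dbeff236c0f14012561877cc1b591a430",
}


def hash_stream(fh, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for a binary stream, read once in chunks."""
    hashers = {name: hashlib.new(name) for name in EXPECTED}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory buffer (handy for tests and small blobs)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    """Digests of a file on disk."""
    with open(path, "rb") as fh:
        return hash_stream(fh)


def mismatches(actual, expected=EXPECTED):
    """Names of the algorithms whose digest differs; an empty list is a full match."""
    return sorted(name for name, digest in expected.items()
                  if actual.get(name, "").lower() != digest.lower())


def name_matches_sha256(filename, digests):
    """True when the file is named after its own SHA256, as the report's sample is."""
    stem = os.path.splitext(os.path.basename(filename))[0]
    return stem.lower() == digests["sha256"].lower()


if __name__ == "__main__":
    import sys
    path = sys.argv[1]
    digests = hash_file(path)
    bad = mismatches(digests)
    print("match" if not bad else "MISMATCH on " + ", ".join(bad))
    print("named after own sha256:", name_matches_sha256(path, digests))
```

Run it as `python verify_sample.py <file>`; a non-empty mismatch list means the file on disk is not the sample the report analysed, which is the usual sign of a renamed, truncated or re-packed copy.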
Static task: static1
Behavioral task: behavioral1
Sample: 84404e5943d62f1b889733e28cd2921246e897b8fbdb11aee9f9a15f79ee95ad.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 84404e5943d62f1b889733e28cd2921246e897b8fbdb11aee9f9a15f79ee95ad.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547) (1): Registry Run Keys / Startup Folder (T1547.001) (1)
- Create or Modify System Process (T1543) (1): Windows Service (T1543.003) (1)
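The three behaviours the report flags (a dropped EXE being executed, a Run key being added, a service being created) all leave registry and process telemetry that can be matched on an endpoint. The script below is an added example, not part of the report or of the sandbox that produced it: it runs the corresponding detection logic over records shaped like Sysmon Event ID 13 (RegistryEvent: Value Set) and Event ID 1 (Process Create). Every path, SID, process and service name in the sample records is constructed for the example; the "user-writable directory raises severity" rule is a heuristic assumed here, not something the report states.

```python
"""Flag the persistence behaviours the report lists in Sysmon-style events.

Added example, not part of the sandbox report or the analysed sample. The
records below are constructed to resemble Sysmon Event ID 13 (RegistryEvent:
Value Set) and Event ID 1 (Process Create) fields; every path, SID, process
and service name in them is made up.
"""
import re

# Registry locations behind the two ATT&CK techniques in the report.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
SERVICE_IMAGE_RE = re.compile(
    r"\\System\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE)
# User-writable drop locations; an autostart entry or a process image under one
# of these is treated as higher severity (an assumed heuristic, not from the report).
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|Tmp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE)


def classify(event):
    """Return a finding dict for one event, or None when it is not of interest."""
    eid = event.get("EventID")
    if eid == 13:
        target = event.get("TargetObject", "")
        details = event.get("Details", "")
        if RUN_KEY_RE.search(target):
            sig, tech = "Adds Run key to start application", "T1547.001"
        elif SERVICE_IMAGE_RE.search(target):
            sig, tech = "Windows Service", "T1543.003"
        else:
            return None
        severity = "high" if USER_WRITABLE_RE.search(details) else "medium"
        return {"signature": sig, "technique": tech, "severity": severity,
                "writer": event.get("Image", ""), "target": target,
                "details": details}
    if eid == 1:
        image = event.get("Image", "")
        # A binary in a drop location started by another binary in a drop
        # location is the "Executes dropped EXE" pattern.
        if USER_WRITABLE_RE.search(image) and USER_WRITABLE_RE.search(
                event.get("ParentImage", "")):
            return {"signature": "Executes dropped EXE", "technique": None,
                    "severity": "high", "writer": event.get("ParentImage", ""),
                    "target": image, "details": event.get("CommandLine", "")}
    return None


def detect(events):
    """Run classify() over a sequence of events and keep only the findings."""
    return [f for f in map(classify, events) if f]


# Constructed events (not real telemetry), in the order a dropper would emit them.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "ParentImage": r"C:\Users\victim\Downloads\sample.exe",
     "CommandLine": r"C:\Users\victim\AppData\Local\Temp\stage2.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\svc\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\FakeSvc\ImagePath",
     "Details": r"C:\ProgramData\fakesvc.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx",
     "Details": "Binary Data"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print("[%s] %s (%s): %s <- %s" % (finding["severity"], finding["signature"],
                                          finding["technique"], finding["target"],
                                          finding["details"]))
```

The benign OneDrive Run-key write is still reported, at medium severity, because the report's "Adds Run key" signature fires on the registry write itself; the severity split is what keeps that noise separate from an autostart pointing into AppData or ProgramData. Service creation is matched on the ImagePath value rather than on the key creation, since that is the write that carries the binary's path.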