General
-
Target
4b188b6b6c55d1bcf7927ca24f009c236a6472cce01cf43c8f4f61d8fdc55a1f.exe
-
Size
540KB
-
Sample
241120-b68cmasmhl
-
MD5
c656da7d6ee183584a724727a960eced
-
SHA1
35bf9dac0c7e39e6fcd7a127abbc5d9360dd12cd
-
SHA256
4b188b6b6c55d1bcf7927ca24f009c236a6472cce01cf43c8f4f61d8fdc55a1f
-
SHA512
606f579568fef2fd83a881038c80a907be0e3247e7138c797f0fc0d979c9a236f20c0fdf2b03b9da2fd1439f78d97a11334de6d7dbb96dc63916595706441e22
-
SSDEEP
12288:vy905O+5+w3FT2Vy8zja0nCL/FqWN6FH18bvKvA+DGqt:vy6OJuFAyJ0CL/T6FH18bvwJvt
Malware Config
Targets
-
-
Target
4b188b6b6c55d1bcf7927ca24f009c236a6472cce01cf43c8f4f61d8fdc55a1f.exe
-
Size
540KB
-
MD5
c656da7d6ee183584a724727a960eced
-
SHA1
35bf9dac0c7e39e6fcd7a127abbc5d9360dd12cd
-
SHA256
4b188b6b6c55d1bcf7927ca24f009c236a6472cce01cf43c8f4f61d8fdc55a1f
-
SHA512
606f579568fef2fd83a881038c80a907be0e3247e7138c797f0fc0d979c9a236f20c0fdf2b03b9da2fd1439f78d97a11334de6d7dbb96dc63916595706441e22
-
SSDEEP
12288:vy905O+5+w3FT2Vy8zja0nCL/FqWN6FH18bvKvA+DGqt:vy6OJuFAyJ0CL/T6FH18bvwJvt
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1