General
-
Target
24a00750748758b5639dde9cee01a64d70fc51d9366247ce1ac8ffc63027da75.exe
-
Size
470KB
-
Sample
241120-czacpayckh
-
MD5
f076a5e46c387706165e8c1587905bc3
-
SHA1
b9d2a0e1184705b656503c3a14620f754b8b7563
-
SHA256
24a00750748758b5639dde9cee01a64d70fc51d9366247ce1ac8ffc63027da75
-
SHA512
0b509e81c43509bb17071186596461b71c6bf6c6a602476e15076e85168a4176904b941d24309a77e273d65dfa36a6346fc51600506549cd28a0c962ca164f8b
-
SSDEEP
6144:R4p0yN90QENj3Yl0+oXxsm71N7ogUNLOGdbaQbayckk1748GVdOyDa2/QaF7Nz:ny90nj3HHN7ogUN7dbRJg74RGcaUNz
Malware Config
Targets
-
-
Target
24a00750748758b5639dde9cee01a64d70fc51d9366247ce1ac8ffc63027da75.exe
-
Size
470KB
-
MD5
f076a5e46c387706165e8c1587905bc3
-
SHA1
b9d2a0e1184705b656503c3a14620f754b8b7563
-
SHA256
24a00750748758b5639dde9cee01a64d70fc51d9366247ce1ac8ffc63027da75
-
SHA512
0b509e81c43509bb17071186596461b71c6bf6c6a602476e15076e85168a4176904b941d24309a77e273d65dfa36a6346fc51600506549cd28a0c962ca164f8b
-
SSDEEP
6144:R4p0yN90QENj3Yl0+oXxsm71N7ogUNLOGdbaQbayckk1748GVdOyDa2/QaF7Nz:ny90nj3HHN7ogUN7dbRJg74RGcaUNz
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1