General
- Target: 00109ed9f71327767c880f1924a2eb3de62d748b87605b032143efdb0f098f10.exe
- Size: 807KB
- Sample: 241120-e92wsswlan
- MD5: 95e7e2781e689b8f5086009d03d42ffe
- SHA1: 6a2be9a679efa7d2cef41966be2cd3994a262461
- SHA256: 00109ed9f71327767c880f1924a2eb3de62d748b87605b032143efdb0f098f10
- SHA512: aa7115e94ae6693ebbcdd30cfb2a4f1f4d41fa6c0c88b3d1140ac79eac3437922dbbd8a52a0da7a056d5b46444a25c758a5b9192269c3862a9fd2386bfc095cc
- SSDEEP: 12288:qy90s27ZHbSgCcrDVb1ZOtuFbL4g79RUeInMc57jRSsXw9y2Ci8fFjxCCuyktem:qyz2djCUDZ1guNkgDUX57xw3T8PuJgm
Static task: static1
Behavioral task: behavioral1
- Sample: 00109ed9f71327767c880f1924a2eb3de62d748b87605b032143efdb0f098f10.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 00109ed9f71327767c880f1924a2eb3de62d748b87605b032143efdb0f098f10.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)