General
Target: 87cc825935c11f4dea663b61632342e06991404b8f6024fc621bca34440a690cN.exe
Size: 470KB
Sample: 241120-epm7xazqez
MD5: 0b0622b6152461ab20e73072ae8c7410
SHA1: 0757c999804fdd216ac7e910408c489de7d66588
SHA256: 87cc825935c11f4dea663b61632342e06991404b8f6024fc621bca34440a690c
SHA512: 36ff6f54d2f609375d50aaba75737b905ef85f5544f0d9057cfdb3ba03b21e01c192e926e1280ac7766674cc2753efa791371997be6ba65ad553e092cc5c5324
SSDEEP: 6144:nup0yN90QEllFmyXTNbK+MZahK6EUMobaQbayckk17Y8GVdj3IGj64aH:vy90GyXTk+4QK/UbbRJg7YRb3IGj6V
Static task: static1
Behavioral task: behavioral1
Sample: 87cc825935c11f4dea663b61632342e06991404b8f6024fc621bca34440a690cN.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 87cc825935c11f4dea663b61632342e06991404b8f6024fc621bca34440a690cN.exe
Size: 470KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)