General
- Target: 4b92fbde97e09ea64d2a694e586b978b13daa93fb5e0d9942ab252da90b0e3fbN.exe
- Size: 536KB
- Sample: 241120-fnaqvs1dqh
- MD5: 5e6cfece47ec180f32bbcc169ad82f10
- SHA1: 22026f4828970b3eac5a1de28f8198b30da55e6e
- SHA256: 4b92fbde97e09ea64d2a694e586b978b13daa93fb5e0d9942ab252da90b0e3fb
- SHA512: cb31076b8f197933dfac7506671db28acf73c2430b2393fe1dd88ff72d2fb5396187a01cd3cadf5ed465d4f87da9d33376502f27d099a70d679156b02d7f1759
- SSDEEP: 6144:jap0yN90QEkv7THKM9f9sTH4YOTvOl2bm1qM2XutMDS10mnxl3Oqr0MMcinl6NcY:Hy90mZFM9l26PGmnOqr0ll62amNyXjF
Static task: static1
Behavioral task: behavioral1
- Sample: 4b92fbde97e09ea64d2a694e586b978b13daa93fb5e0d9942ab252da90b0e3fbN.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 4b92fbde97e09ea64d2a694e586b978b13daa93fb5e0d9942ab252da90b0e3fbN.exe
- Size: 536KB
- Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General above
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547) - 1 signature
  - Registry Run Keys / Startup Folder (T1547.001) - 1 signature
- Create or Modify System Process (T1543) - 1 signature
  - Windows Service (T1543.003) - 1 signature
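The two persistence techniques in the ATT&CK mapping, as an added detection example written for this page (it is not part of the sandbox report and not any tool's own code): it runs over records in the shape of Sysmon Event ID 13 (RegistryEvent, value set) and flags Run/RunOnce key writes (T1547.001) and service ImagePath writes (T1543.003). The events, paths, SID and value names below are constructed for the example, not observed from the sample. The service case is deliberately written by services.exe, because a CreateService call shows that process as the writer; the signal there is the key and the ImagePath value, not the writing image.

```python
import re
from dataclasses import dataclass


@dataclass
class RegEvent:
    """One Sysmon Event ID 13-style record (constructed for this example)."""
    image: str    # process that performed the write (Sysmon "Image")
    target: str   # registry path written (Sysmon "TargetObject")
    details: str  # value data (Sysmon "Details")


# Run / RunOnce under the per-user (HKU\<SID>) or machine (HKLM) hive,
# including the WOW6432Node redirection used by 32-bit processes.
RUN_KEY_RE = re.compile(
    r"^(?:HKU\\[^\\]+|HKLM)\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\(?:Run|RunOnce)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)
# ImagePath of a service entry: what the Service Control Manager will start.
SERVICE_KEY_RE = re.compile(
    r"^HKLM\\System\\CurrentControlSet\\Services\\(?P<name>[^\\]+)\\ImagePath$",
    re.IGNORECASE,
)
# User-writable locations a dropper typically persists from; a binary under
# Program Files is more often an installer registering its tray application.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData\\(?:Local|Roaming)|Temp|Users\\Public|ProgramData)\\",
    re.IGNORECASE,
)


def extract_exe(details: str) -> str:
    """Pull the executable path out of a value such as '"C:\\x\\a.exe" --flag'."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ", 1)[0]


def classify(ev: RegEvent):
    """Return (technique_id, value_name, persisted_exe, suspicious) or None."""
    m = RUN_KEY_RE.match(ev.target)
    technique = "T1547.001" if m else None
    if not m:
        m = SERVICE_KEY_RE.match(ev.target)
        technique = "T1543.003" if m else None
    if not m:
        return None
    exe = extract_exe(ev.details)
    return (technique, m.group("name"), exe, bool(USER_WRITABLE_RE.search(exe)))


def detect(events):
    """Return (writer_image, technique_id, value_name, exe, suspicious) per hit."""
    return [(ev.image, *hit) for ev in events if (hit := classify(ev))]


# Constructed sample events; the SID, paths and names are hypothetical.
SAMPLE_EVENTS = [
    RegEvent(  # dropped binary registering itself under the user's Run key
        image=r"C:\Users\Admin\AppData\Local\Temp\dropped.exe",
        target=r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
        details=r'"C:\Users\Admin\AppData\Roaming\svc\updater.exe"',
    ),
    RegEvent(  # service creation: services.exe is the writer, ImagePath is the tell
        image=r"C:\Windows\System32\services.exe",
        target=r"HKLM\System\CurrentControlSet\Services\WinUpdSvc\ImagePath",
        details=r"C:\ProgramData\WinUpdSvc\svc.exe -run",
    ),
    RegEvent(  # installer autostart under Program Files: matched, not marked suspicious
        image=r"C:\Program Files\Vendor\setup.exe",
        target=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
        details=r'"C:\Program Files\Vendor\tray.exe" /minimized',
    ),
    RegEvent(  # unrelated registry write: ignored
        image=r"C:\Windows\explorer.exe",
        target=r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        details="DWORD (0x00000001)",
    ),
]


if __name__ == "__main__":
    for writer, technique, name, exe, suspicious in detect(SAMPLE_EVENTS):
        flag = "SUSPICIOUS" if suspicious else "review"
        print(f"{technique} {name!r} -> {exe} (written by {writer}) [{flag}]")
```

On a real host the same logic applies to Sysmon's RegistryEvent XML or to a Sigma rule over TargetObject; the user-writable-path heuristic reduces installer noise but does not replace checking the persisted binary's signature and hash against the IOCs listed above.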