General
- Target: a9ac5e3932baca2c870e271ccca5e9cb13af2b52671a4f047e154bd3d9cdfb27
- Size: 624KB
- Sample: 241121-e51g6syndy
- MD5: e3796ae0ba57c2a1cd73b1829ea5538d
- SHA1: 19c16c67d4bd03507ba9273fdac1310b29b0d0e4
- SHA256: a9ac5e3932baca2c870e271ccca5e9cb13af2b52671a4f047e154bd3d9cdfb27
- SHA512: 50decaba90c2f6b0ad88754a2c078baed570d09cf8490b15d6724e111b34ba1b299ddf29e3346b99219d2d15475283b2564569ffdd13402dd1e368d97f86df44
- SSDEEP: 12288:ly90uZh9/1VjFnnefpnE+crgK9KHngU5BPX4Eruiq4HruOo15ha3rw8:lyVh9//jFGnEPp8Au4Eru+ruOo15hyrT
Static task: static1
Behavioral task: behavioral1
- Sample: a9ac5e3932baca2c870e271ccca5e9cb13af2b52671a4f047e154bd3d9cdfb27.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1): Windows Service (1)