General
-
Target
e21d7eb9aa311abf233577e7ba2e17774ddc795ca70ee6044c528435988fb96a
-
Size
414KB
-
Sample
241122-fphg4a1jgl
-
MD5
f83b6abcee2ba92187ec5f8b8d072c29
-
SHA1
4d2482f208416f1956a760b44a7a784a19961d68
-
SHA256
e21d7eb9aa311abf233577e7ba2e17774ddc795ca70ee6044c528435988fb96a
-
SHA512
d36a240f8210bae6398b96224b3102c67e0668857024509b6f742a47a81a1be69ee95d26e85544d8821b600af6d86824595dc9bb181d9361a77f1b7992d00e58
-
SSDEEP
6144:3Kp0yN90QENGHAxgZaBI2lY81Y578FOgxuye8EwXlQDoZCGsCbNWa/wvJ:7y90bBUaBIx81Yh8FOgXhlQ8YMbktvJ
Malware Config
Targets
-
-
Target
e21d7eb9aa311abf233577e7ba2e17774ddc795ca70ee6044c528435988fb96a
-
Size
414KB
-
MD5
f83b6abcee2ba92187ec5f8b8d072c29
-
SHA1
4d2482f208416f1956a760b44a7a784a19961d68
-
SHA256
e21d7eb9aa311abf233577e7ba2e17774ddc795ca70ee6044c528435988fb96a
-
SHA512
d36a240f8210bae6398b96224b3102c67e0668857024509b6f742a47a81a1be69ee95d26e85544d8821b600af6d86824595dc9bb181d9361a77f1b7992d00e58
-
SSDEEP
6144:3Kp0yN90QENGHAxgZaBI2lY81Y578FOgxuye8EwXlQDoZCGsCbNWa/wvJ:7y90bBUaBIx81Yh8FOgXhlQ8YMbktvJ
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1