General
- Target: f9ee3e03af817985df9581b3547c64ecf6ac66c2e1179b4587679ff14515aea7
- Size: 415KB
- Sample: 241122-g2sz2avrg1
- MD5: 23a19e36b2ceef5a205221bc6ac52414
- SHA1: 366a574174056f01f1e41a582aa51d0147717288
- SHA256: f9ee3e03af817985df9581b3547c64ecf6ac66c2e1179b4587679ff14515aea7
- SHA512: 78e67e3f06077dc1dc89c1df1601488cba3b27a365d6e8f3f972d4c4fec317a9d7dcfcfb723a7e0d524f333f6be6f6b94a904e0399395b4f8ce7986db5929269
- SSDEEP: 6144:/2p0yN90QEcZ/VAuRHgFZ3BNQm2LcL0Ie0P5uK3x97mY5NSShRjCz:fy90g9RRHgFrao3eq5ul3IRjCz
Static task: static1
Behavioral task: behavioral1
- Sample: f9ee3e03af817985df9581b3547c64ecf6ac66c2e1179b4587679ff14515aea7.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: f9ee3e03af817985df9581b3547c64ecf6ac66c2e1179b4587679ff14515aea7
- Size: 415KB
- MD5: 23a19e36b2ceef5a205221bc6ac52414
- SHA1: 366a574174056f01f1e41a582aa51d0147717288
- SHA256: f9ee3e03af817985df9581b3547c64ecf6ac66c2e1179b4587679ff14515aea7
- SHA512: 78e67e3f06077dc1dc89c1df1601488cba3b27a365d6e8f3f972d4c4fec317a9d7dcfcfb723a7e0d524f333f6be6f6b94a904e0399395b4f8ce7986db5929269
- SSDEEP: 6144:/2p0yN90QEcZ/VAuRHgFZ3BNQm2LcL0Ie0P5uK3x97mY5NSShRjCz:fy90g9RRHgFrao3eq5ul3IRjCz
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)