General
Target: 64d93801393c6943f1c4bf72e965742b8923a620553b8fcd982ad031a1b773d2N.exe
Size: 705KB
Sample: 241129-frhwmsxkew
MD5: 8f220f897fc66fae07bd273fa072e6d0
SHA1: 8e5514b23ef069f62498021ce8d1e87dfab8f974
SHA256: 64d93801393c6943f1c4bf72e965742b8923a620553b8fcd982ad031a1b773d2
SHA512: 12c8c680eed4fb4631ec2555eb4e5c7d0abb9b28ab747ffdf58c88ff2cafe4a73ae40386e2883afaa83ec50dbc67d76116f6c1daf7a5dacc3e88972bb168d5a3
SSDEEP: 12288:vy90/mOPa3hpDV3PkMiSqQGi/m7Q0dh58KZB69XLD/NH6:vyYHa3Xp3+xi/ms258moXLD/h6
Static task: static1
Behavioral task: behavioral1
Sample: 64d93801393c6943f1c4bf72e965742b8923a620553b8fcd982ad031a1b773d2N.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 64d93801393c6943f1c4bf72e965742b8923a620553b8fcd982ad031a1b773d2N.exe
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)