General
- Target: 689db7e1029a3ad26de268aecb9e281f86c8a92789237940742c216d24a934aaN.exe
- Size: 762KB
- Sample: 241129-rhznkstqdr
- MD5: b1a355d1fefb8f512d330490510bc0e0
- SHA1: 628d7a8d7e98474dbd23cf6da0ab50bfb4d6ab51
- SHA256: 689db7e1029a3ad26de268aecb9e281f86c8a92789237940742c216d24a934aa
- SHA512: c9287d6c193c0ac0f833fe51c57810ee09d964771e7619e89313da6bcfe7d95254a6ee25085e87ba033aed40bd80e1fbea81f6ff76440f218bc59ed05f0b7aaf
- SSDEEP: 12288:Iy90aKeUzw82OB1obc4H3UzMzS2Hlq9s4xK8Owx548X9D2MFNUcw:Iy8e8w8X1v2//Hlqy4pOO48X/Ucw
Static task: static1
Behavioral task: behavioral1
Sample: 689db7e1029a3ad26de268aecb9e281f86c8a92789237940742c216d24a934aaN.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 689db7e1029a3ad26de268aecb9e281f86c8a92789237940742c216d24a934aaN.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)