Overview

overview

10

Static

static

3

4e8687bad9...d8.exe

windows7-x64

10

4e8687bad9...d8.exe

windows10-2004-x64

10

4e8687bad9...d8.exe

windows10-ltsc 2021-x64

10

4e8687bad9...d8.exe

windows11-21h2-x64

10

Resubmissions

28-10-2024 23:04

241028-22jrksxlak 10

07-05-2023 01:54

230507-cbnkeada91 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4e8687bad988b784fb98e3ef60ee3b73931fe7516c8301c6cbbcc45ae933f6d8

  • Size

    686KB

  • Sample

    241028-22jrksxlak

  • MD5

    3c621601ec170837b121300ec549fdfa

  • SHA1

    45335d9e83de2198e7841d2eac51f048e87d6b98

  • SHA256

    4e8687bad988b784fb98e3ef60ee3b73931fe7516c8301c6cbbcc45ae933f6d8

  • SHA512

    6d1e0ba7aceceea2ab58e8fa0e68d047c76f54dd9047b78edc3daaaf886336014f4d9e069a7336416a3b8dedfde77bee3986fa33293d0593b45c5df5983d7032

  • SSDEEP

    12288:Ay908z1WEkGc3gWaySF7yCSAx5EJOGuYX8159v2O6HPAo:AyZAEMQRxhSEGuo8L98HPAo

Score
10/10
healerredlinediscoverydropperevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      4e8687bad988b784fb98e3ef60ee3b73931fe7516c8301c6cbbcc45ae933f6d8

    • Size

      686KB

    • MD5

      3c621601ec170837b121300ec549fdfa

    • SHA1

      45335d9e83de2198e7841d2eac51f048e87d6b98

    • SHA256

      4e8687bad988b784fb98e3ef60ee3b73931fe7516c8301c6cbbcc45ae933f6d8

    • SHA512

      6d1e0ba7aceceea2ab58e8fa0e68d047c76f54dd9047b78edc3daaaf886336014f4d9e069a7336416a3b8dedfde77bee3986fa33293d0593b45c5df5983d7032

    • SSDEEP

      12288:Ay908z1WEkGc3gWaySF7yCSAx5EJOGuYX8159v2O6HPAo:AyZAEMQRxhSEGuo8L98HPAo

    Score
    10/10
    healerredlinediscoverydropperevasioninfostealerpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Healer family

      healer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks