General

  • Target

    787d78db0c960caa93295329d0ce99a5472491231cdddd4f390b666701079280

  • Size

    691KB

  • Sample

    241104-13v1kayfkq

  • MD5

    948616ada910debf7b5383acdfe9fdde

  • SHA1

    eaac1c74d2fcaf82b6dc8eca0873efa47b83e9ba

  • SHA256

    787d78db0c960caa93295329d0ce99a5472491231cdddd4f390b666701079280

  • SHA512

    4a222811d5fba369dd2c70cf9068e859b843c3b63b1e972e51861315f07ad50696b48d7218d95c43cf29b2f93a5ba61b9012588c2e7844b9bf89b5942338cd65

  • SSDEEP

    12288:Py90V0wnn8HyShPATv0bVkeLSmqomYM6Qz6MZe2+7z/AANBmf7:PyWN8H3hIzYPSmiYMOMU2tANIf7

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks