General

  • Target

    d17b05e1af1a4c828e5507c9f497f93cb9fe3deed2ad80a1cb9bd248aa85ee0a

  • Size

    559KB

  • Sample

    241104-zh7yyswnav

  • MD5

    7cf68d3cb151e882e7b220738bc367a4

  • SHA1

    0ea9d423547f040f752f48b620cac44785a68f77

  • SHA256

    d17b05e1af1a4c828e5507c9f497f93cb9fe3deed2ad80a1cb9bd248aa85ee0a

  • SHA512

    a9b6903df80ae492fc4b6ec3f3f1829f0e06fc075883c0182b45069d2217caa32e4dfa6cf8d50ca72aa4862878ea987abcc9118d4e939c4de4def665e760ca62

  • SSDEEP

    12288:Yy90/1NvHDbQ0nPrdEKVIeGFaL9OiXM0Mz23zcrJLfrd:YymNLbZzrVIbFasnOzELB

Malware Config

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks