General

  • Target

    a5b8e55d0bd6c7509d49a1e3eda327c8d3d2a6787ac23e1ade8f3793899499a0

  • Size

    806KB

  • Sample

    241104-zkkansxdrj

  • MD5

    d9288b9de91fba70f92ebc2a56d51b04

  • SHA1

    9fe9299a7031d48a9e70f2a7a32af200e1e57e4f

  • SHA256

    a5b8e55d0bd6c7509d49a1e3eda327c8d3d2a6787ac23e1ade8f3793899499a0

  • SHA512

    ea09b82d9ad73833f593a2fd733e9ebe1ad7fd21275a6e904479fb47ee50fdf4a2fd192d43e67b2521eededdbea715333d1770fc23d2fcdc6a2667d984c874d6

  • SSDEEP

    12288:ky906bxmDcAzQZp9NF3cVKygzCSdkAyq81fBV4BbpcDmdQQ4RB/CPLLNmx4gx9t9:ky59mQDPFPygzFkl1pOBbpsmd2KjG99

Malware Config

Targets

    • Target

      a5b8e55d0bd6c7509d49a1e3eda327c8d3d2a6787ac23e1ade8f3793899499a0

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15