General

  • Target

    7ab02532136b0f8dc42de866be5bac0cad35532b51776d2489f041c81961c365

  • Size

    691KB

  • Sample

    241109-ed6j4szkgj

  • MD5

    135e833eba52dc3a629f9db8dafa94a3

  • SHA1

    20c2b9be22893d577396cc17a9f5a7d3cb29e650

  • SHA256

    7ab02532136b0f8dc42de866be5bac0cad35532b51776d2489f041c81961c365

  • SHA512

    b180bb2bfd94af9fa66dc84bde158a26df3b0e66594a047d397f6921be8557b294032b1e32e6ade770fe4b410e5ad34918ec54c525f0a92853c9dca6c6200d28

  • SSDEEP

    12288:+y90YDZ6hErxzJBv0bVpBL3mqp4SuyCZR4V/e2m7zfKANB3P32xUL:+y/ldzJNYX3mfygsG2hANQOL

Malware Config

Targets

    • Target

      7ab02532136b0f8dc42de866be5bac0cad35532b51776d2489f041c81961c365

    • Size

      691KB

    • MD5

      135e833eba52dc3a629f9db8dafa94a3

    • SHA1

      20c2b9be22893d577396cc17a9f5a7d3cb29e650

    • SHA256

      7ab02532136b0f8dc42de866be5bac0cad35532b51776d2489f041c81961c365

    • SHA512

      b180bb2bfd94af9fa66dc84bde158a26df3b0e66594a047d397f6921be8557b294032b1e32e6ade770fe4b410e5ad34918ec54c525f0a92853c9dca6c6200d28

    • SSDEEP

      12288:+y90YDZ6hErxzJBv0bVpBL3mqp4SuyCZR4V/e2m7zfKANB3P32xUL:+y/ldzJNYX3mfygsG2hANQOL

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks