General

  • Target

    92f58ce16c5dc76860c08560cd2073f270d81680f7dc735ce320beae3c374bbd

  • Size

    690KB

  • Sample

    241109-egk3kszlbn

  • MD5

    e6c077fa3ff235a94ff006ab186dc714

  • SHA1

    e4e3147f321a749f634e9cc211f07b8571530dd9

  • SHA256

    92f58ce16c5dc76860c08560cd2073f270d81680f7dc735ce320beae3c374bbd

  • SHA512

    1699ace331a9418220fe137b38b13f217d49cf05f16aedb6439500e5073e762cf4f709efeed00f5ffb52e89158b9b58abe02781625379e99b4f5c3f9e8568f9e

  • SSDEEP

    12288:5y904At1vNOdDoH3Mul6kP5RW3kfRkFw1ke3WGhniN9mcGRWafsL:5yPAt1v0dDic46cRW3GRfiNscH

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks