General

  • Target

    cb190aee6e12dc0c81fbfcd479ca53e2983e69e172b6897ebd7f8271696e836b

  • Size

    653KB

  • Sample

    241109-fjffjs1kcj

  • MD5

    9f854e0263a0e0538da1c2b596a3f93f

  • SHA1

    6922409845c1d42403392c5e3f6d2a5187547fd1

  • SHA256

    cb190aee6e12dc0c81fbfcd479ca53e2983e69e172b6897ebd7f8271696e836b

  • SHA512

    172ba98ddd9faefc47844311936fa9dd3c485a82d2a8731fe7b4af83dad6ff056409e72f8159601c2dc1b3060874a671d3aac085424151a374cbdbe22a384978

  • SSDEEP

    12288:uy90uFdjii4NWhhbCRzJU2s/uHeLve2PGzc3vNBaZZ24gg8CnI:uyD4c9CpJjsueL22tvNTuI

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
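
The signatures above describe host-side behaviour a responder can check for directly. The PowerShell triage helper below is an added example, not part of the sandbox report and not vendor tooling: it compares a file's MD5, SHA1, SHA256 and SHA512 against the hashes listed in the General section, reads the Windows Defender real-time protection policy values that the "Modifies Windows Defender Real-time Protection settings" signature refers to, and enumerates the Run and RunOnce keys covered by "Adds Run key to start application", flagging entries whose binary lives in a user-writable directory (a heuristic for a dropped EXE) or whose SHA256 matches the sample. The report does not say which registry values or Run entry this sample wrote, so the Defender value names, the user-writable-directory heuristic and the function names are assumptions. SSDEEP and SetThreadContext are not covered.

```powershell
# Added triage helper; not part of the sandbox report. Windows PowerShell 5.1 or later,
# run from an elevated prompt so that HKLM and Defender state are readable.

# File hashes taken from the General section of the report above.
$Iocs = @{
    MD5    = '9f854e0263a0e0538da1c2b596a3f93f'
    SHA1   = '6922409845c1d42403392c5e3f6d2a5187547fd1'
    SHA256 = 'cb190aee6e12dc0c81fbfcd479ca53e2983e69e172b6897ebd7f8271696e836b'
    SHA512 = '172ba98ddd9faefc47844311936fa9dd3c485a82d2a8731fe7b4af83dad6ff056409e72f8159601c2dc1b3060874a671d3aac085424151a374cbdbe22a384978'
}

# Standard Defender real-time protection policy values (assumption: the report does not
# say which of these the sample set). A DWORD value of 1 disables the feature.
$DefenderPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$DefenderValues = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
                  'DisableOnAccessProtection', 'DisableIOAVProtection', 'DisableScanOnRealtimeEnable'

# Autostart keys covered by the "Adds Run key to start application" signature.
$RunKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Test-SampleHash {
    # Hash a file with every algorithm in $Iocs and report which ones match the sample.
    param([Parameter(Mandatory)][string]$Path)
    foreach ($alg in 'MD5', 'SHA1', 'SHA256', 'SHA512') {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLower()
        [pscustomobject]@{
            Algorithm = $alg
            Actual    = $actual
            Match     = ($actual -eq $Iocs[$alg])
        }
    }
}

function Get-DefenderTamperStatus {
    # Report policy values that disable real-time protection, plus the live preference.
    $disabled = @()
    if (Test-Path -LiteralPath $DefenderPolicyKey) {
        $props = Get-ItemProperty -LiteralPath $DefenderPolicyKey
        $disabled = @($DefenderValues | Where-Object { $props.PSObject.Properties[$_] -and $props.$_ -eq 1 })
    }
    # Get-MpPreference is absent on hosts without the Defender module; treat that as unknown.
    $mp = try { Get-MpPreference -ErrorAction Stop } catch { $null }
    [pscustomobject]@{
        PolicyKeyPresent      = (Test-Path -LiteralPath $DefenderPolicyKey)
        PolicyValuesDisabling = $disabled
        LiveRealtimeDisabled  = if ($mp) { [bool]$mp.DisableRealtimeMonitoring } else { 'unknown' }
        Tampered              = ($disabled.Count -gt 0) -or ($mp -and $mp.DisableRealtimeMonitoring)
    }
}

function Get-RunKeyEntries {
    # Enumerate Run/RunOnce entries, resolve the launched binary, and flag the ones that
    # live in user-writable directories (heuristic for a dropped EXE) or hash-match the sample.
    $metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $metaProps) { continue }
            $cmd = [string]$p.Value
            # Take a quoted path as-is, otherwise the first token ending in .exe.
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] }
                   elseif ($cmd -match '^(\S+?\.exe)') { $Matches[1] }
                   else { $cmd }
            $exists = ($exe -ne '') -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $sha256 = if ($exists) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower() } else { $null }
            [pscustomobject]@{
                Key          = $key
                Name         = $p.Name
                Command      = $cmd
                Binary       = $exe
                BinaryExists = $exists
                UserWritable = [bool]($exe -match '\\(AppData|Temp|ProgramData|Users\\Public)\\')
                SampleMatch  = ($sha256 -eq $Iocs.SHA256)
            }
        }
    }
}

# Example use on a suspect host:
#   Test-SampleHash -Path 'C:\Users\Public\suspect.exe' | Format-Table
#   Get-DefenderTamperStatus | Format-List
#   Get-RunKeyEntries | Where-Object { $_.UserWritable -or $_.SampleMatch } | Format-Table -AutoSize
```

A policy value of 1 under the Real-Time Protection key is only one way to switch Defender off; Tamper Protection, where enabled, blocks those writes, so an absent key on a tampered host should be read together with the live Get-MpPreference result rather than on its own.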

MITRE ATT&CK Enterprise v15

Tasks