General

  • Target

    13334548d0a5adeed47fc28437c61eba9a55dfaf18c835e495b7693476231d9a

  • Size

    694KB

  • Sample

    241109-x4hj3szhqg

  • MD5

    a1ca979c32ec0bc4bb3bf12d03e8c6a0

  • SHA1

    59b536c06bb9763a04c10ccec7618a2fbec0c144

  • SHA256

    13334548d0a5adeed47fc28437c61eba9a55dfaf18c835e495b7693476231d9a

  • SHA512

    c5f0e4251603648be7d2f8eda98eab8c58de3ae664e42a628a1165683fce78e961bf8b7d2039e329f64489252f0c7bb4f3c37d59f33710a1eb2d0d584147ef36

  • SSDEEP

    12288:py906hMP+LuD2TwyehFThdThswWe6Fp18byK4A+XcYXnuUa:pyOy+FbThsU6Fp18byzWY3uUa

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks