General

  • Target

    f16e4705a74035956c998b410743ac5183cb873177032627dc5c96a2e634647aN

  • Size

    537KB

  • Sample

    241109-xnhvxasqck

  • MD5

    dfc675bfacb3cbe4e581d949028b7800

  • SHA1

    b1ace92de5e1bd79e979d8814d6b78bca86c0014

  • SHA256

    f16e4705a74035956c998b410743ac5183cb873177032627dc5c96a2e634647a

  • SHA512

    e7b721764e4a0a89736985e659b44034b62bd03a0ecd8012e32372e2965ab423bc6bbaba5747543a44d68f0345f54208c2af89b6f5d1ae19d8bacd0c46e38e78

  • SSDEEP

    12288:wy90GlfQYmO4MW66Gqau9B/nCe2o7C6fANBybn:wy4Yv4LGqaktx2WAN0bn

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks