General

  • Target

    f7dbe3ce94e9ddf5191c50b46c16a47f5d06f08af2cd5c028904e05de523f89a

  • Size

    829KB

  • Sample

    241109-xnjr7szfje

  • MD5

    d7c5bca97fdf88ecaba713b339f9a276

  • SHA1

    0374c95d6e77bad470892729ee943c42320b7a82

  • SHA256

    f7dbe3ce94e9ddf5191c50b46c16a47f5d06f08af2cd5c028904e05de523f89a

  • SHA512

    d9a93095cca4bc146f3d3ffa030715fef22a8fe15d2f840ff6e50c377d128694b56baae029ba1540b45c457b5fe9fa217d184cf0a75f4df042c8b1afc4f05da3

  • SSDEEP

    24576:TyNDNK6e2EJHPngaR/gRZ0j4b+xzmdRo:m9sYEdPgaR00j4axzmL

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
