General

  • Target

    837238719ab68c7c8a8d6b3ca460830ef3e4f9592312a152240e06811c96724a

  • Size

    703KB

  • Sample

    241109-xsheyazjbz

  • MD5

    0c72b01161008f45f7cad6d0c0ff3c3f

  • SHA1

    2675a77ccb32bed449b30a32f6cc7a3e0a11f7f2

  • SHA256

    837238719ab68c7c8a8d6b3ca460830ef3e4f9592312a152240e06811c96724a

  • SHA512

    60ba7dc9d625058464b1ec93f7cde453db00f70937b4b608564acaa499c574f67eb65f0c12e4c1bd0d255bc036cf4a6ede4f5c848f90587fb19b7e7841cbc9e6

  • SSDEEP

    12288:ty90RM25xFdCHJ+yvFgIrlzp1ICW48CQ3XjVTD0rkeaXiQBpx:tyEM25/dCpxRcG8CQ3TV2PHU

Malware Config

Targets

    • Target

      837238719ab68c7c8a8d6b3ca460830ef3e4f9592312a152240e06811c96724a

    • Size

      703KB

    • MD5

      0c72b01161008f45f7cad6d0c0ff3c3f

    • SHA1

      2675a77ccb32bed449b30a32f6cc7a3e0a11f7f2

    • SHA256

      837238719ab68c7c8a8d6b3ca460830ef3e4f9592312a152240e06811c96724a

    • SHA512

      60ba7dc9d625058464b1ec93f7cde453db00f70937b4b608564acaa499c574f67eb65f0c12e4c1bd0d255bc036cf4a6ede4f5c848f90587fb19b7e7841cbc9e6

    • SSDEEP

      12288:ty90RM25xFdCHJ+yvFgIrlzp1ICW48CQ3XjVTD0rkeaXiQBpx:tyEM25/dCpxRcG8CQ3TV2PHU

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks