General

  • Target

    13aa570f5d1366749bf5a022f18859f2df0c96b2667fd226a6b2b00590b257a8

  • Size

    936KB

  • Sample

    241109-xsyrxssrbq

  • MD5

    504fd4e19d3be280efd33a090673d969

  • SHA1

    1cbc6bb9884a9fe1fdaca7952b0cc4b73a97662d

  • SHA256

    13aa570f5d1366749bf5a022f18859f2df0c96b2667fd226a6b2b00590b257a8

  • SHA512

    64fd1d89fcefad76b5fe126560b08a9f572a9a9ea026656fd023877f41d2b108f36433aee4899e4caeee0603fd9426548144523c20f904eafeef5d7a4b7e4ee3

  • SSDEEP

    24576:jyJ4iiF2LAY/zS9cs2jVlBiPGL/cyI6C4pnbz8:2J5BLUcs2liPG7c7Ib

Malware Config

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks