General

  • Target

    2accc039282d5a8aa07dad252a6e5a1f45ec3f039a6f11f103e0db2eee18daab

  • Size

    563KB

  • Sample

    241109-xtlhzszglr

  • MD5

    7e8771f31342b7c26c406a362709e07f

  • SHA1

    d1ff9d50eab58c2a280288165bb9f29541ceecf6

  • SHA256

    2accc039282d5a8aa07dad252a6e5a1f45ec3f039a6f11f103e0db2eee18daab

  • SHA512

    9cd49084b566de64050a0db467e1e9933c1062e1134f41ce4be0f8c82faf5b932f02d22debbc89b40be82bed8142947c1cd7a02d25f56bc6cd54f5402965507e

  • SSDEEP

    12288:Wy90qchbhM8xU0JgvI5MvW36L2d6JHS5FLNWoaRG4M:WyJ3wUnvI5Mvu6Lm6lSzaS

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks