General

  • Target

    fbab654b8eea5149d6a1421d7f3f0a602cd42ad7dbd8057563a88b9c3366e836

  • Size

    1.2MB

  • Sample

    241109-xtwnyszjdx

  • MD5

    78cac4584c9f6aef5520caccdc4f6c81

  • SHA1

    56246575edaf00555e5d3033573fd79001a31457

  • SHA256

    fbab654b8eea5149d6a1421d7f3f0a602cd42ad7dbd8057563a88b9c3366e836

  • SHA512

    678e6173307e9e345bbc8e86361a0061125f82ad8b106edfd0678e80bd92f3d513690c0007aab3bcd55e83284fb3f3ea20b28b9e1ef1e95993539be11b2bd75e

  • SSDEEP

    24576:NcfsVIKzRLTr3vkFjAacR3lMERO6s0fYK++YSYuugo4cyC/:Nc+I8X8FjAacEER9NYK+lngo4cyC
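
The Target field above is the sample's SHA256, so the digests in this section are what you check a file against before treating it as the one this report analysed. The following script is an added example, not part of the sandbox report: it computes the four non-fuzzy digests listed above in a single pass and reports, per algorithm, whether a given file matches. SSDEEP is omitted because it needs a third-party library (an assumption about your environment); the function names, the `compare` return shape and the constructed inputs are mine.

```python
import hashlib
from pathlib import Path

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "78cac4584c9f6aef5520caccdc4f6c81",
    "sha1": "56246575edaf00555e5d3033573fd79001a31457",
    "sha256": "fbab654b8eea5149d6a1421d7f3f0a602cd42ad7dbd8057563a88b9c3366e836",
    "sha512": (
        "678e6173307e9e345bbc8e86361a0061125f82ad8b106edfd0678e80bd92f3d5"
        "13690c0007aab3bcd55e83284fb3f3ea20b28b9e1ef1e95993539be11b2bd75e"
    ),
}


def digests(data: bytes, names=tuple(REPORT_HASHES)) -> dict[str, str]:
    """Compute every listed digest of `data` in one pass over the bytes."""
    hashers = {name: hashlib.new(name) for name in names}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(data: bytes, expected: dict[str, str]) -> dict[str, bool]:
    """Per-algorithm match result; hex case in `expected` is ignored."""
    got = digests(data, tuple(expected))
    return {name: got[name] == value.lower() for name, value in expected.items()}


def verify_sample(path: str, expected: dict[str, str] = REPORT_HASHES) -> bool:
    """True only if the file at `path` matches every digest the report lists."""
    return all(compare(Path(path).read_bytes(), expected).values())


if __name__ == "__main__":
    # Constructed stand-in for a fetched file; it is not the reported sample,
    # so every algorithm reports a mismatch.
    for name, ok in compare(b"constructed placeholder, not the sample", REPORT_HASHES).items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
```

A partial match (for instance MD5 agreeing while SHA256 does not) is a signal in its own right: it means the file you hold is not the analysed one, regardless of which hash a feed gave you.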

Malware Config

Targets

    • Target

      fbab654b8eea5149d6a1421d7f3f0a602cd42ad7dbd8057563a88b9c3366e836

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
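
The signatures above describe a behaviour chain (drop a file, execute it, load a dropped DLL, switch off Defender real-time protection, add a Run key) rather than static indicators, so the useful thing to take from them is host telemetry logic. The following is an added example of my own, not code from the sandbox or from the Healer or RedLine analyses: it replays constructed Sysmon-style events (JSON lines, the shape a log forwarder emits) and raises the same signature names. The registry paths are an assumption about what the sandbox matched, taken from the documented Defender policy key and the standard autostart keys; the report itself does not print them. Note the edge case: a write of 0 to a Defender `Disable*` value re-enables protection and must not fire.

```python
import json
import re
from typing import Iterator

# Registry locations behind two of the report's signatures. The report does
# not print the paths it matched; these are the documented Defender policy key
# and the standard autostart keys (an assumption about what the sandbox saw).
DEFENDER_RTP = re.compile(
    r"\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\(Disable\w+)$",
    re.IGNORECASE,
)
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE
)
DWORD = re.compile(r"DWORD \((0x[0-9a-f]+)\)", re.IGNORECASE)

# Constructed Sysmon events as JSON lines; not taken from the report.
# EventID 11 = FileCreate, 1 = ProcessCreate, 7 = ImageLoad,
# 13 = RegistryEvent (value set).
SAMPLE_EVENTS = r"""
{"EventID": 11, "Image": "C:\\Users\\v\\Desktop\\setup.exe", "TargetFilename": "C:\\Users\\v\\AppData\\Local\\Temp\\healer.exe"}
{"EventID": 11, "Image": "C:\\Users\\v\\Desktop\\setup.exe", "TargetFilename": "C:\\Users\\v\\AppData\\Local\\Temp\\helper.dll"}
{"EventID": 1, "Image": "C:\\Users\\v\\AppData\\Local\\Temp\\healer.exe", "ParentImage": "C:\\Users\\v\\Desktop\\setup.exe"}
{"EventID": 7, "Image": "C:\\Users\\v\\AppData\\Local\\Temp\\healer.exe", "ImageLoaded": "C:\\Users\\v\\AppData\\Local\\Temp\\helper.dll"}
{"EventID": 13, "Image": "C:\\Users\\v\\AppData\\Local\\Temp\\healer.exe", "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring", "Details": "DWORD (0x00000001)"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\gpupdate.exe", "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring", "Details": "DWORD (0x00000000)"}
{"EventID": 13, "Image": "C:\\Users\\v\\AppData\\Local\\Temp\\healer.exe", "TargetObject": "HKU\\S-1-5-21-1\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\v\\AppData\\Roaming\\updater.exe"}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}
"""


def parse_events(jsonl: str) -> Iterator[dict]:
    """Yield one event dict per non-blank JSON line."""
    for line in jsonl.splitlines():
        if line.strip():
            yield json.loads(line)


def detect(jsonl: str) -> list[tuple[str, str]]:
    """Replay events in order and return (signature name, detail) pairs."""
    dropped: set[str] = set()  # paths written during the run, lower-cased
    hits: list[tuple[str, str]] = []
    for ev in parse_events(jsonl):
        eid = ev.get("EventID")
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev["Image"].lower() in dropped:
            hits.append(("Executes dropped EXE", ev["Image"]))
        elif eid == 7 and ev["ImageLoaded"].lower() in dropped:
            hits.append(("Loads dropped DLL", ev["ImageLoaded"]))
        elif eid == 13:
            target = ev["TargetObject"]
            details = ev.get("Details", "")
            value_name = target.rsplit("\\", 1)[-1]
            if DEFENDER_RTP.search(target):
                m = DWORD.search(details)
                # A write of 0 re-enables protection (e.g. a policy refresh);
                # only a non-zero value is the tamper the signature describes.
                if m and int(m.group(1), 16) != 0:
                    hits.append(("Modifies Windows Defender Real-time Protection settings", value_name))
            elif RUN_KEY.search(target):
                hits.append(("Adds Run key to start application", value_name + " -> " + details))
    return hits


if __name__ == "__main__":
    for sig, detail in detect(SAMPLE_EVENTS):
        print(f"{sig}: {detail}")
```

Ordering matters: "executes dropped EXE" and "loads dropped DLL" are only meaningful relative to files the run itself created, which is why the FileCreate events are tracked first and process/image events are matched against that set rather than against a fixed path list.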

MITRE ATT&CK Enterprise v15

Tasks