General

  • Target

    593dd36272281d5b4b98c6bd2394ca6922c00c4142d6a0127ac8acef94a9fc58

  • Size

    1.2MB

  • Sample

    241109-zcklgavjgk

  • MD5

    e67b64e838f7d154b4cfd05fa7bcda70

  • SHA1

    89b1a19857c1a68bcb2158dc419247c55a91a5ea

  • SHA256

    593dd36272281d5b4b98c6bd2394ca6922c00c4142d6a0127ac8acef94a9fc58

  • SHA512

    de59b5f6968394982214cd7efa164074795f756b158636187c303967871d69488d0bda8ded348e426831319f0fffed855cc5e3eccf85bc131b875393395adb7d

  • SSDEEP

    24576:dVQCVvyI/k4Zf9YMGp77zdd0ZKUNk9e0KUDsM1dpkJNK35m:dVtvhk499YMGVzddAge0KUDsiyNK

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
