General

  • Target

    15c750257b1d554152cbe0517c8b5015b97a8412ea9a54c57e8a17a0c4c519b3

  • Size

    694KB

  • Sample

    241109-zdy59avjhn

  • MD5

    743eb06b85a746017bd16fe1c8b1a4a1

  • SHA1

    d488b253dc2bd85981400adda38b505dc6b6de80

  • SHA256

    15c750257b1d554152cbe0517c8b5015b97a8412ea9a54c57e8a17a0c4c519b3

  • SHA512

    631e18f3a7bd4cd8f34cf77e6411c7d20d9c8fb1d84c0e32f244ab10ff45f5042db38a0bb60ffb050d49862120aab87b936f2d13b9a55d52a19cf80b260322bc

  • SSDEEP

    12288:Vy9018pCXi5Hw5FTSBUGSQHX6Wu6F918b5KuA+sZJvB:VyAo1lGFMUG/X66F918b5hCjvB

Malware Config

Targets

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
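
Added example, not code from the sandbox report or from the malware: a small Python triage helper that sorts Sysmon Event ID 13 ("RegistryEvent - Value Set") records into the two behaviours flagged above, Defender Real-time Protection being disabled through policy values and a Run key pointing at an executable dropped into a staging directory. The Defender value names, the staging directories, the "Field=value|Field=value" record format and the records themselves are constructed assumptions chosen to match common Healer/RedLine tradecraft; this page does not list the sample's actual registry writes, so compare the value list against the sandbox's registry trace before reusing it as a detection.

```python
# Added example (not from the sandbox report): sort Sysmon Event ID 13
# ("RegistryEvent - Value Set") records into the two behaviours the report
# flags, Defender Real-time Protection disabled through policy values and a
# Run key pointing at a dropped executable.  The value names, staging
# directories, record format and sample records are assumptions, not facts
# about this sample.
import re
from dataclasses import dataclass

DEFENDER_RTP_KEY = (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
)
# Policy values an antivirus disabler typically sets to DWORD 1 (assumed set).
DEFENDER_DISABLE_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Directories where droppers usually stage a second stage (assumed list).
STAGING_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\programdata\\",
    "\\users\\public\\",
)
# Sysmon renders DWORD data as "DWORD (0x00000001)".
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")


@dataclass
class RegEvent:
    image: str    # process that wrote the value
    target: str   # full registry path including the value name
    details: str  # Sysmon's rendering of the new data


def parse_event(line: str) -> RegEvent:
    """Parse one constructed 'Field=value|Field=value' record."""
    fields = dict(part.split("=", 1) for part in line.rstrip("\n").split("|"))
    return RegEvent(fields["Image"], fields["TargetObject"], fields["Details"])


def classify(ev: RegEvent):
    """Return (kind, writing_image, value_or_path) for a flagged write, else None."""
    key, _, value = ev.target.rpartition("\\")
    if key.lower() == DEFENDER_RTP_KEY.lower() and value.lower() in DEFENDER_DISABLE_VALUES:
        m = DWORD_RE.fullmatch(ev.details)
        if m and int(m.group(1), 16) == 1:
            return ("defender_rtp_disabled", ev.image, value)
    if RUN_KEY_RE.search(ev.target):
        cmd = ev.details.strip('"').lower()
        # Only flag Run entries that launch an EXE from a staging directory;
        # vendor installers legitimately write Run keys under Program Files.
        if cmd.endswith(".exe") and any(d in cmd for d in STAGING_DIRS):
            return ("run_key_persistence", ev.image, ev.details)
    return None


def hunt(lines):
    """Run classify() over every non-empty record and keep the findings."""
    return [f for f in (classify(parse_event(l)) for l in lines if l.strip()) if f]


# Constructed records in the shape of Sysmon Event ID 13; not real telemetry.
SAMPLE_EVENTS = [
    r"Image=C:\Users\bob\AppData\Local\Temp\healer.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000001)",
    r"Image=C:\Users\bob\AppData\Local\Temp\healer.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring|Details=DWORD (0x00000001)",
    r"Image=C:\Users\bob\AppData\Local\Temp\healer.exe|TargetObject=HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Users\bob\AppData\Roaming\updater.exe",
    r"Image=C:\Windows\System32\msiexec.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent|Details=C:\Program Files\Vendor\agent.exe",
    r"Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000000)",
]

if __name__ == "__main__":
    for kind, image, what in hunt(SAMPLE_EVENTS):
        print(f"{kind:24} {image} -> {what}")
```

Run against the constructed records, the two Defender policy writes and the AppData Run entry are reported and the vendor installer's Run key and the value reset to 0 are ignored. A real hunt would feed it Event ID 13 records exported from the Sysmon log instead of the inline list.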

MITRE ATT&CK Enterprise v15

Tasks