General

  • Target

    d60e64d13ecbd0edc597e82a0cf6b4e153e86a28a1b6523378f3cc21f0cd5d75

  • Size

    479KB

  • Sample

    241110-a5zhnavncy

  • MD5

    b64d9d197ecd8881ab613a3a0c88d9c1

  • SHA1

    b7ab96f2402dc86dc1b339fccc7abac72ff37898

  • SHA256

    d60e64d13ecbd0edc597e82a0cf6b4e153e86a28a1b6523378f3cc21f0cd5d75

  • SHA512

    c9b52d99d72855417052966eb6a43e11e103439c892d6a577ae698f62fae6431197a538f1debe6a7598a7430817c6c819f9fcf050e2e72a65de968654c95b0f7

  • SSDEEP

    12288:1Mr+y90bZPgg/pKbsFc6bjyWQAkkPlMd4:/yUZPgg/kbsHbOWQDAa2

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks