General

  • Target

    15f850587c7364b2ee094f055c265072512b151c1cb063f3169050b7065a31c1

  • Size

    479KB

  • Sample

    241110-b291nazkdk

  • MD5

    a9250a600e470a9144b3ff771535d50b

  • SHA1

    8b8426eec34d5952e4e69b5423aeb3e773d974cd

  • SHA256

    15f850587c7364b2ee094f055c265072512b151c1cb063f3169050b7065a31c1

  • SHA512

    1a1376b98e08c89c4fae0f1b522cbc8b0ae9e5257ab542c98311f0316959b502571439bd910dc29908a30e2cbdd6363a6c2fac8c6c81fc8a2d8fa3a89a6f6b83

  • SSDEEP

    6144:KLy+bnr+/p0yN90QEcLdh+HepZo5XcV9q2fCEH3vtZcLMgbz5Q9trYflQN0rYfBx:VMrvy902Kb5FkHHft6L5DfC94+JmmZr

Malware Config

Targets

    • Target

      15f850587c7364b2ee094f055c265072512b151c1cb063f3169050b7065a31c1

    • Size

      479KB

    • MD5

      a9250a600e470a9144b3ff771535d50b

    • SHA1

      8b8426eec34d5952e4e69b5423aeb3e773d974cd

    • SHA256

      15f850587c7364b2ee094f055c265072512b151c1cb063f3169050b7065a31c1

    • SHA512

      1a1376b98e08c89c4fae0f1b522cbc8b0ae9e5257ab542c98311f0316959b502571439bd910dc29908a30e2cbdd6363a6c2fac8c6c81fc8a2d8fa3a89a6f6b83

    • SSDEEP

      6144:KLy+bnr+/p0yN90QEcLdh+HepZo5XcV9q2fCEH3vtZcLMgbz5Q9trYflQN0rYfBx:VMrvy902Kb5FkHHft6L5DfC94+JmmZr

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
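
      The two behavioural signatures above ("Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application") both surface as registry writes. The following is an added example of how an analyst could flag such writes in a registry-event log; it is not the sandbox's own signature logic and not code from the sample. The event line format, the process IDs and the sample events are constructed for the example, and the ATT&CK technique mapping (T1562.001 for disabling Defender, T1547.001 for Run-key persistence) is the editor's, since the report lists no technique IDs. The Defender value names are the documented DWORDs under the Real-Time Protection policy key; note that only a non-zero value disables protection, so a write of 0 is not flagged.

```python
"""Flag registry writes that match two behavioural signatures from the report."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Well-known locations (compared case-insensitively). The Defender values live
# under the Real-Time Protection policy key; Run/RunOnce are the standard
# autostart keys in both HKCU and HKLM.
DEFENDER_RTP_KEY = r"software\policies\microsoft\windows defender\real-time protection"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disablescanonrealtimeenable",
    "disableioavprotection",
}
RUN_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
)


@dataclass(frozen=True)
class Finding:
    signature: str   # signature name as it appears in the report
    technique: str   # ATT&CK technique id; this mapping is the editor's, not the report's
    key: str
    value: str
    data: str


# Constructed event format (an assumption, not a real sandbox log format):
#   <pid>|<operation>|<key path>|<value name>|<data>
EVENT_RE = re.compile(
    r"^(?P<pid>\d+)\|(?P<op>[A-Za-z]+)\|(?P<key>[^|]+)\|(?P<value>[^|]*)\|(?P<data>.*)$"
)


def dword_of(data: str) -> Optional[int]:
    """Parse a DWORD rendered as '1', '0x1', '0x00000001' or 'dword:00000001'."""
    s = data.strip()
    m = re.search(r"(?:0x|dword:)?([0-9a-fA-F]+)$", s)
    if not m:
        return None
    base = 16 if s.lower().startswith(("0x", "dword:")) else 10
    return int(m.group(1), base)


def classify_event(line: str) -> Optional[Finding]:
    """Return a Finding for a SetValue event that matches a signature, else None."""
    m = EVENT_RE.match(line.strip())
    if not m or m.group("op").lower() != "setvalue":
        return None
    key, value, data = m.group("key"), m.group("value"), m.group("data")
    key_l = key.lower().rstrip("\\")
    if key_l.endswith(DEFENDER_RTP_KEY) and value.lower() in DEFENDER_RTP_VALUES:
        # Only a non-zero DWORD disables the feature; writing 0 re-enables it
        # (which is what a remediation script does), so it is not flagged.
        if (dword_of(data) or 0) != 0:
            return Finding("Modifies Windows Defender Real-time Protection settings",
                           "T1562.001", key, value, data)
        return None
    if any(key_l.endswith(rk) for rk in RUN_KEYS):
        return Finding("Adds Run key to start application", "T1547.001", key, value, data)
    return None


def scan(lines) -> List[Finding]:
    """Classify every event line and keep the matches, in log order."""
    return [f for f in (classify_event(l) for l in lines) if f is not None]


# Constructed sample events for the example; these are NOT taken from the report.
SAMPLE_EVENTS = [
    r"4120|SetValue|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection|DisableRealtimeMonitoring|0x00000001",
    r"4120|SetValue|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection|DisableBehaviorMonitoring|1",
    r"4120|SetValue|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection|DisableIOAVProtection|0",
    r"5204|SetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater|C:\Users\user\AppData\Roaming\svc.exe",
    r"5204|QueryValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater|",
    r"5204|SetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer|ShellState|0x00000000",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.technique} {f.signature}: {f.key}\\{f.value} = {f.data}")
```

      Run against the constructed events, the scan reports the two Defender policy writes that set a flag to 1 and the Run-key write, and ignores the write of 0, the QueryValue operation and the unrelated Explorer key.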

MITRE ATT&CK Enterprise v15

Tasks