General

  • Target

    6ebf9d9e3649871c4ae2541134bf1d61c40be5108fb64b595ca735a0e5a54619N

  • Size

    747KB

  • Sample

    241110-b5n8cszkgr

  • MD5

    d12d732d2f792bcd3a8f0b71d8371d70

  • SHA1

    51127b1f01d435941ec962b5b2723fdf5669bc10

  • SHA256

    6ebf9d9e3649871c4ae2541134bf1d61c40be5108fb64b595ca735a0e5a54619

  • SHA512

    0b3338b2de1fb479c0ab2e7b822f2368d0242d157303e2483ec49e001b7e2b611cfc086bc76d66fb209e21507a786dffec6864a41f311c5d2775514459ced623

  • SSDEEP

    12288:jy90OXJihefJnTBTi3oMEuXD0UghLdEJd6nDRa6OlQ43NPgbFCXxmyqO:jyPTTBqoMEWD0phOJkDYR5NPCix9
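
Before working with a copy of this sample, confirm that the file on disk really is the one the report describes. The following is an added example, not part of the sandbox report: it hashes a file once with every listed standard algorithm (MD5, SHA1, SHA256, SHA512) and compares against the values above. SSDEEP is not in the Python standard library and is left out; the `verify_file` path argument is whatever you have locally.

```python
"""Check a file against the MD5/SHA1/SHA256/SHA512 values listed in the report.

Added example; REPORT_HASHES are copied from the General section above.
"""
import hashlib

# Hashes exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "d12d732d2f792bcd3a8f0b71d8371d70",
    "sha1": "51127b1f01d435941ec962b5b2723fdf5669bc10",
    "sha256": "6ebf9d9e3649871c4ae2541134bf1d61c40be5108fb64b595ca735a0e5a54619",
    "sha512": "0b3338b2de1fb479c0ab2e7b822f2368d0242d157303e2483ec49e001b7e2b611cfc086bc76d66fb209e21507a786dffec6864a41f311c5d2775514459ced623",
}


def digest_all(chunks, algorithms=("md5", "sha1", "sha256", "sha512")):
    """Feed each chunk to every hasher once; return {algorithm: hex digest}.

    Reading the data once and updating all hashers avoids re-reading a large
    sample four times.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def iter_file(path, chunk_size=1 << 20):
    """Yield a file's bytes in chunks so large samples are not loaded whole."""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            yield chunk


def compare(actual, expected):
    """Return {algorithm: matched?} for every algorithm in `expected`.

    Comparison is case-insensitive because reports and tools print hex in
    either case; an algorithm missing from `actual` counts as a mismatch.
    """
    return {name: actual.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def verify_file(path, expected=REPORT_HASHES):
    """Hash `path` and compare it with the report's values."""
    return compare(digest_all(iter_file(path)), expected)


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-sample>
    results = verify_file(sys.argv[1])
    for name, ok in results.items():
        print(f"{name:6s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(results.values()) else 1)
```

If any algorithm mismatches, the file is not this sample (a truncated download or a repacked variant), and the behaviours listed below should not be assumed to apply to it.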

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
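
The behaviours listed above (Defender real-time protection settings modified, a dropped EXE executed, a Run key added) are the kind of registry activity a host sensor records. The following is an added detection example, not part of the sandbox report: it scores Sysmon-style registry value-set events (Event ID 13) for Defender real-time protection tampering, Run/RunOnce persistence, and writers that live in user-writable drop locations. The registry key and value names are the documented Windows Defender policy and autostart locations; the event lines, process names and SID are constructed for the example.

```python
"""Score Sysmon-style registry events for the behaviours this report lists.

Added example. Key paths and value names are real Windows locations;
SAMPLE_EVENTS are constructed, not taken from the report.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Matches both the policy key (HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\
# Real-Time Protection) and the product key (HKLM\SOFTWARE\Microsoft\Windows
# Defender\Real-Time Protection).
DEFENDER_RTP_KEY = re.compile(
    r"\\Microsoft\\Windows Defender\\Real-Time Protection$", re.IGNORECASE)

# DWORD values under that key which, when set to 1, switch a protection off.
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}

# Per-user (HKU\<sid>\Software\...) and machine (HKLM\SOFTWARE\...) autostart keys.
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# User-writable locations a dropper typically writes its payload to.
DROPPED_EXE_DIR = re.compile(
    r"\\AppData\\(Local\\Temp|Roaming|Local)\\|\\Users\\Public\\", re.IGNORECASE)


@dataclass(frozen=True)
class RegSetEvent:
    """One Sysmon Event ID 13 (RegistryEvent: value set), reduced to the fields used."""
    image: str    # full path of the process that wrote the value
    key: str      # key path as Sysmon logs it (HKLM\... or HKU\<sid>\...)
    value: str    # value name
    details: str  # Sysmon renders numeric data as 'DWORD (0x00000001)'


def dword_is_set(details):
    """True when a Sysmon-rendered DWORD/QWORD (or a bare integer) is non-zero."""
    m = re.fullmatch(
        r"(?:DWORD|QWORD) \((0x[0-9a-fA-F]+)\)|(0x[0-9a-fA-F]+|\d+)",
        details.strip())
    if not m:
        return False  # string data (e.g. a Run-key command line) is never "set"
    raw = m.group(1) or m.group(2)
    return int(raw, 16 if raw.lower().startswith("0x") else 10) != 0


def classify(ev):
    """Return the set of behaviour tags a single event triggers."""
    tags = set()
    if (DEFENDER_RTP_KEY.search(ev.key)
            and ev.value in DEFENDER_DISABLE_VALUES
            and dword_is_set(ev.details)):
        tags.add("defender_rtp_disabled")
    if RUN_KEY.search(ev.key):
        tags.add("run_key_persistence")
    if DROPPED_EXE_DIR.search(ev.image):
        tags.add("writer_is_dropped_exe")
    return tags


def triage(events):
    """Aggregate tags per writing process; returns {image: sorted tags} for hits only."""
    per_image = defaultdict(set)
    for ev in events:
        per_image[ev.image] |= classify(ev)
    return {img: sorted(tags) for img, tags in per_image.items() if tags}


# Constructed events: a stage in %TEMP% disabling two Defender protections,
# a dropped EXE in Roaming registering itself in the user's Run key, and a
# benign policy refresh by svchost writing the value back to 0.
SAMPLE_EVENTS = [
    RegSetEvent(r"C:\Users\victim\AppData\Local\Temp\stage.exe",
                r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
                "DisableRealtimeMonitoring", "DWORD (0x00000001)"),
    RegSetEvent(r"C:\Users\victim\AppData\Local\Temp\stage.exe",
                r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
                "DisableBehaviorMonitoring", "DWORD (0x00000001)"),
    RegSetEvent(r"C:\Users\victim\AppData\Roaming\update.exe",
                r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run",
                "update", r"C:\Users\victim\AppData\Roaming\update.exe"),
    RegSetEvent(r"C:\Windows\System32\svchost.exe",
                r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
                "DisableRealtimeMonitoring", "DWORD (0x00000000)"),
]


if __name__ == "__main__":
    for image, tags in triage(SAMPLE_EVENTS).items():
        print(f"{image}: {', '.join(tags)}")
```

The svchost write is deliberately not flagged: the same key and value name with data 0 is protection being turned back on, which is why the rule checks the DWORD rather than the key path alone. A Run-key write is reported on its own because persistence by any process is worth a look, but the combination with `writer_is_dropped_exe` is what separates this report's chain from a legitimate installer.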
