General

  • Target

    168d30783a27dc5ee3ae0c7071f5d5a36d1a0c7159389a88653f7482ba5436e6

  • Size

    703KB

  • Sample

    241110-chaxwsxblm

  • MD5

    075ba26774047cf749628f31bb15bff4

  • SHA1

    e9690b1444748c3896f6c4e544107e96ede4eb9a

  • SHA256

    168d30783a27dc5ee3ae0c7071f5d5a36d1a0c7159389a88653f7482ba5436e6

  • SHA512

    20b20b08db5f665aa682f7aeb911a41ec4e09b6f53a99af5155b4dc4d54a9a56c1ffed82e27083c444d6498812e644b221a2857df0444fd9670ace8fb2e373a3

  • SSDEEP

    12288:jy90wTNq0q8+ZIVr/RbHxHFhN5cHfyIHlx4NH7MWCVi0KQZ0JElTub:jyPo0q8pr5b9FhN5IyIFOt7pv0KQCiT0

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks