General

  • Target

    12d93725da4309f7fd8b8a6c0181e0397a5bb6e01fcd6ee28c4055f9c8f36137

  • Size

    479KB

  • Sample

    241110-ckph3axcjl

  • MD5

    4436355c5ab5ff692911daec20616f67

  • SHA1

    6704e5c145b70e1dd8a3c58a59436c999cceba89

  • SHA256

    12d93725da4309f7fd8b8a6c0181e0397a5bb6e01fcd6ee28c4055f9c8f36137

  • SHA512

    9ea9280034fefa821a1717fdc5c8a103c5d2e44f4710e729ff11f8c20fc80ad1cc7d2a7dab0de26b929fb6317953e857a0c4deb3a8178a4a377f94ba8f4d92fd

  • SSDEEP

    12288:WMrky90Usg8PeR2/BKyia9YazqZMAbdAS:6ybsRmR25oNb6S

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15