General

  • Target

    2b21432e4f8c1c53e36993d0fbdd97e158acd53edede431e54ee3af2d11121ea

  • Size

    1.0MB

  • Sample

    241110-ckvebaznen

  • MD5

    44dae4fadafb9bc1a16373aaf2191495

  • SHA1

    6229a21ba3488802d0fa2b10cb8e83320fa96b3e

  • SHA256

    2b21432e4f8c1c53e36993d0fbdd97e158acd53edede431e54ee3af2d11121ea

  • SHA512

    694a49c5d7902bbfe925c7c39732225123e1a5dd705a6ab61d8fe6559ba0e20754fc501a78923f40d66492f066f1ba18400c594cc746dadcf7e4a8472420abef

  • SSDEEP

    12288:0y90BRDuMgxtJKZAOluY9nwQlifhBj/hlEiTac0XBgw0JIW5HQCKO8BPBfR+J+xK:0ymSK7ogipBDhVdJZjofRvI7nT9CaR

Malware Config

Targets

    • Target

      2b21432e4f8c1c53e36993d0fbdd97e158acd53edede431e54ee3af2d11121ea

    • Size

      1.0MB

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks