General

  • Target

    06917caac6067459000a34c50a88296f76272d7b6db74a9976fe1d280efc6c0d

  • Size

    1.5MB

  • Sample

    241110-d5k7ta1rfr

  • MD5

    b07567ec874ba492d2290854354aa56d

  • SHA1

    28b0d7fb4b18276caa2c61a4d71d09ca1d39c38c

  • SHA256

    06917caac6067459000a34c50a88296f76272d7b6db74a9976fe1d280efc6c0d

  • SHA512

    cb6b0c5fe9d94b41bab6cad33312b1aa1de60cd88b749c8a2f60736eb1e4aa6ba75f7fdbaf61bd84e71b5e4325e034b16b9e8ed397677765f1fac07991b276f6

  • SSDEEP

    49152:gnK2fO65GEEIYBblOHSgKQkoBTgE6HoZCAJAm:EK2JGYglOoQko+EkiCAJB

Malware Config

Targets

    • Target

      06917caac6067459000a34c50a88296f76272d7b6db74a9976fe1d280efc6c0d

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks