General

  • Target

    587e7011b952f115791a6713032d2b19bade4bdbecee2a4450220ef59d3dc99e

  • Size

    479KB

  • Sample

    241110-djkn6ayapn

  • MD5

    f577caa416133c797958b9f0fef92a2f

  • SHA1

    fdb3359d3b1cda1015baf6e67445945443376ba5

  • SHA256

    587e7011b952f115791a6713032d2b19bade4bdbecee2a4450220ef59d3dc99e

  • SHA512

    b90c01755a628d108423b52b02508a6c3c0d1fee9a2b366d26415b15b8d81069dc44caf106cbee2a20a0592435118064880158848e2a77f1027e00c5578959dc

  • SSDEEP

    12288:YMrOy90Ll17wBPV11TIwFK2gQboaMADiaGqR5Gtol:GyE7SfE2vAU2qRV

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks