General

  • Target

    1a5b650c4dc74f574176364fc5fed7212f31c3ebc50453ccb8ed0d256842e3f9

  • Size

    691KB

  • Sample

    241110-dzn2hsxrfs

  • MD5

    bdd466d7b09ebbfd160435767894cfc5

  • SHA1

    4c651807b88381c8d1cfe5f93060183e6005a712

  • SHA256

    1a5b650c4dc74f574176364fc5fed7212f31c3ebc50453ccb8ed0d256842e3f9

  • SHA512

    8bb3fb67044ffcecb95e2f92cd042fe33d22b131c1470386171429eb0c936a3ad247bf30d6d117cc6214d1ad7805eb68b8654c26838c6a68a57d2c60058bd168

  • SSDEEP

    12288:ry90f6vPZpO/j/W5MiyOEEcq2wYiCYM6Qzf3Ze2+7ztAANB2Q8U5H3m6pI:ryGSmy5byOYu7CYMb3U2dANMLOmyI

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks