General

  • Target

    565b9c2c08095d37a3ad6a40fb9c92d1458772e22f385e1f7ca591d6ebd3f5d6

  • Size

    690KB

  • Sample

    241110-ej5vrsyhjr

  • MD5

    d6570f566f7e2a0ed2315f3afaa6035f

  • SHA1

    5fcae63182b70a716aaa3e9f6779961b56462b82

  • SHA256

    565b9c2c08095d37a3ad6a40fb9c92d1458772e22f385e1f7ca591d6ebd3f5d6

  • SHA512

    2881285c67c107755538bcca23c3462c4077465ec1fc1e2c3126535c62b7132736b249b97e584aa76ceabd50c89dd43d21716d294c6e3a2bf000fc947c220478

  • SSDEEP

    12288:Jy90v8dmDHm1sjefXgigcP9JkOaXWXA2b922TBSflmCiiTf6bem+gWFJm:JyofDHksGXRP9JiuPbw2sNiu6beWR

Malware Config

Targets

    • Target

      565b9c2c08095d37a3ad6a40fb9c92d1458772e22f385e1f7ca591d6ebd3f5d6

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
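The signatures above name three behaviours a responder will want to hunt for on other hosts: Windows Defender real-time protection being switched off, a Run key being added for persistence, and a dropped executable being launched. The following Python is an added example, not part of the report or the sandbox's own detection logic. It evaluates a stream of Sysmon-style events (EventID 11 FileCreate, 1 ProcessCreate, 13 RegistryEvent Value Set) against those behaviours. The sample events, file paths and SID are constructed; the specific Defender registry values (the documented `Disable*` policy values under `Real-Time Protection`) are an assumption, since the report names the behaviour but not the exact keys the sample touched.

```python
import re
from dataclasses import dataclass

# Assumption: Defender real-time protection switches a disabler dropper
# would set to 1. These are Defender's documented policy/engine values,
# not values quoted in the report.
DEFENDER_RTP_PATHS = {
    r"hklm\software\policies\microsoft\windows defender\real-time protection",
    r"hklm\software\microsoft\windows defender\real-time protection",
}
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
# Run / RunOnce under HKLM, HKCU or a loaded user hive (HKU\<SID>)
RUN_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\Run(Once)?\\(?P<value>[^\\]+)$", re.IGNORECASE)
# Sysmon renders DWORD data as 'DWORD (0x00000001)'
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")


@dataclass(frozen=True)
class Finding:
    rule: str    # signature name, matching the report's wording
    image: str   # process responsible for the event
    detail: str


def _dword(details):
    """Parse Sysmon's DWORD rendering; None for non-DWORD data."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def check_defender_tamper(ev):
    """EventID 13: a Defender RTP 'Disable*' value set to 1 (value 0 is a re-enable)."""
    if ev["EventID"] != 13:
        return None
    key, _, value = ev["TargetObject"].rpartition("\\")
    if (key.lower() in DEFENDER_RTP_PATHS and value in DEFENDER_RTP_VALUES
            and _dword(ev["Details"]) == 1):
        return Finding("Modifies Windows Defender Real-time Protection settings",
                       ev["Image"], f"{value}=1")
    return None


def check_run_key(ev):
    """EventID 13: any value written under a Run/RunOnce key."""
    if ev["EventID"] != 13:
        return None
    m = RUN_KEY_RE.match(ev["TargetObject"])
    if not m:
        return None
    return Finding("Adds Run key to start application", ev["Image"],
                   f"{m.group('value')} -> {ev['Details']}")


def check_dropped_exe(events):
    """Correlate FileCreate (11) of an .exe with a later ProcessCreate (1) of that path."""
    dropped = {}  # lowercase path -> process that wrote it
    findings = []
    for ev in events:
        if ev["EventID"] == 11 and ev["TargetFilename"].lower().endswith(".exe"):
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif ev["EventID"] == 1 and ev["Image"].lower() in dropped:
            findings.append(Finding("Executes dropped EXE", ev["ParentImage"], ev["Image"]))
    return findings


def analyze(events):
    """Run the per-event checks, then the cross-event correlation."""
    findings = []
    for ev in events:
        for check in (check_defender_tamper, check_run_key):
            hit = check(ev)
            if hit:
                findings.append(hit)
    findings.extend(check_dropped_exe(events))
    return findings


# Constructed sample events (not from the report); paths and SID are made up.
DROPPER = r"C:\Users\victim\Downloads\565b9c2c08095d37a3ad6a40fb9c92d1458772e22f385e1f7ca591d6ebd3f5d6.exe"
DROPPED = r"C:\Users\victim\AppData\Local\Temp\dropped.exe"
RTP = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": DROPPER, "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": DROPPER},
    {"EventID": 13, "Image": DROPPED, "TargetObject": RTP + r"\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": DROPPED, "TargetObject": RTP + r"\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemUpdate",
     "Details": DROPPED},
    # Benign: an admin re-enabling real-time protection (value 0) must not fire
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": RTP + r"\DisableRealtimeMonitoring", "Details": "DWORD (0x00000000)"},
    # Benign: unrelated HKCU write outside Run/RunOnce
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.image}: {f.detail}")
```

Run against the constructed events, the two Defender writes, the Run key and the execution of the dropped file are flagged, while the value-0 re-enable and the unrelated HKCU write are not. On a real Sysmon export the same functions apply to the `EventData` fields of each record; the Run-key check is deliberately broad (any write, not only ones pointing at a temp path), so triage it against a known-good baseline rather than alerting on it alone.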

MITRE ATT&CK Enterprise v15

Tasks