General

  • Target

    b00a68665087e943c036806d4645ad370fb881efa63376e6cbfcbca260436e0f

  • Size

    653KB

  • Sample

    241111-a4xyfaydnq

  • MD5

    50ab7fef1a400ddd07b9a3a609d08ad0

  • SHA1

    293f2b319e42220e3fce2ece56e632102e3b4f56

  • SHA256

    b00a68665087e943c036806d4645ad370fb881efa63376e6cbfcbca260436e0f

  • SHA512

    1288bc0cb24d3172cb5f66f7b1350f3df39fba8bb6c1762754f0f632d37dce59dc691b6b8dd21ab518a27b8ed9335aae4b8e8a745c91d85e1284cf930805d875

  • SSDEEP

    12288:gy90JQ3JgbDTEGjyX+qv2sGu8euOe2/GztpvNBpZjnWm:gygL1jyX+qOsEeuN2cvNBp

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
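The signatures above describe three host artefacts a responder can check directly on a suspect machine: the dropped file itself (by hash), Windows Defender real-time protection being switched off through policy, and a Run key pointing at the payload. The PowerShell below is an added triage check, not part of the sandbox report or of either malware family's code; the sample path is an assumed location, and the five Real-Time Protection policy values are the standard Defender ones a disabler commonly sets, not values taken from this report.

```powershell
# Added host triage check (not from the sandbox report). Verifies a file against
# the report's SHA256, then looks for the Defender tampering and Run-key
# persistence behaviours listed in the report's signatures.
param(
    [string]$SamplePath = 'C:\cases\241111\sample.exe'   # assumed path, adjust per case
)

$ReportSha256 = 'b00a68665087e943c036806d4645ad370fb881efa63376e6cbfcbca260436e0f'

# 1. Hash match against the report IOC
if (Test-Path $SamplePath) {
    $h = (Get-FileHash -Path $SamplePath -Algorithm SHA256).Hash.ToLower()
    if ($h -eq $ReportSha256) { Write-Output "MATCH: $SamplePath is the reported sample" }
    else { Write-Output "NO MATCH: $SamplePath has SHA256 $h" }
} else {
    Write-Output "INFO: $SamplePath not present"
}

# 2. Defender Real-time Protection policy values; a value of 1 disables the feature.
#    Legitimate builds rarely set these, so any 1 here deserves a look.
$rtpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$rtpValues = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
             'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable',
             'DisableIOAVProtection'
if (Test-Path $rtpKey) {
    $props = Get-ItemProperty -Path $rtpKey
    foreach ($v in $rtpValues) {
        $p = $props.PSObject.Properties[$v]
        if ($p -and $p.Value -eq 1) { Write-Output "TAMPERED: $rtpKey\$v = 1" }
    }
}
# Live state as Defender itself reports it (catches changes made outside policy)
$status = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($status -and -not $status.RealTimeProtectionEnabled) {
    Write-Output 'TAMPERED: Defender real-time protection is currently off'
}

# 3. Run-key persistence in both hives. Entries launching from user-writable
#    locations are flagged for review; everything else is listed for context.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    (Get-ItemProperty -Path $k).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object {
            $flag = if ($_.Value -match '\\(AppData|Temp|ProgramData|Users\\Public)\\') { 'REVIEW' } else { 'info' }
            Write-Output ("{0}: {1}\{2} = {3}" -f $flag, $k, $_.Name, $_.Value)
        }
}
```

Run it from an elevated prompt on the host under investigation; the hash check confirms you are looking at the same file the report analysed, and the two registry sections map directly onto the "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application" signatures. The dropped-EXE and SetThreadContext behaviours are runtime observations and need process or ETW telemetry rather than a registry check.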

MITRE ATT&CK Enterprise v15

Tasks