Overview

overview

10

Static

static

3

b429ba020b...cc.exe

windows7-x64

10

b429ba020b...cc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b429ba020b2b2e58f39f723202eb29b867502ad84fa6b279070223675eb352cc

  • Size

    1.2MB

  • Sample

    241111-cja92szjaz

  • MD5

    3105ebd6274054d43f25a8ed091671f0

  • SHA1

    a512a9ea12694f16a035d0ce882e2b3a61f272db

  • SHA256

    b429ba020b2b2e58f39f723202eb29b867502ad84fa6b279070223675eb352cc

  • SHA512

    11b62649b763caee052a7ef9fc43552c2abeaee795920a12c0964a5ac9044b2ce10dcb54ab03475a651b1888d44d0ac5632ec5b44618a6b242124c8b61c9489f

  • SSDEEP

    24576:lj3DX6L44JAoqyf2Bh1F/tSs8mL2U7wucjiw017bw1xq9poyMmem:lj76L+oqyf2Bl/ksdr754iw017bmw

Score
10/10
healerredlinediscoverydropperevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      b429ba020b2b2e58f39f723202eb29b867502ad84fa6b279070223675eb352cc

    • Size

      1.2MB

    • MD5

      3105ebd6274054d43f25a8ed091671f0

    • SHA1

      a512a9ea12694f16a035d0ce882e2b3a61f272db

    • SHA256

      b429ba020b2b2e58f39f723202eb29b867502ad84fa6b279070223675eb352cc

    • SHA512

      11b62649b763caee052a7ef9fc43552c2abeaee795920a12c0964a5ac9044b2ce10dcb54ab03475a651b1888d44d0ac5632ec5b44618a6b242124c8b61c9489f

    • SSDEEP

      24576:lj3DX6L44JAoqyf2Bh1F/tSs8mL2U7wucjiw017bw1xq9poyMmem:lj76L+oqyf2Bl/ksdr754iw017bmw

    Score
    10/10
    healerredlinediscoverydropperevasioninfostealerpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Healer family

      healer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks