General

  • Target

    de4758db460c60da25966bca5e400accadd7e9d2f6106c1121127321d8699efe

  • Size

    726KB

  • Sample

    241111-gvkebaxqcj

  • MD5

    51600616fb08a35cde6ee41f0be2e391

  • SHA1

    574f1f4f4a1613147b550b5422a4f27eaf83373f

  • SHA256

    de4758db460c60da25966bca5e400accadd7e9d2f6106c1121127321d8699efe

  • SHA512

    b01973350b4a472697ad195bbd58e51eb5fb46da745e59367d197e718b18a34b693f79a4c90bddbac4122c0a993aac6e3dbdce571e2780a118015e6b4fe5a38c

  • SSDEEP

    12288:hy90wECRbjkfrvk42kPdS3bEMi/dHqBLMO3DrI/+QL9w2+7r8ItLaYYysz:hyQ2bjYrvkbQcbEMIKBL93DrW+J2Mr8r

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks