General

  • Target

    de33e330be3964c06bd3a3b3cc0170d7cba80c4344fef09c4f9aa241dbc5e8c2.exe

  • Size

    691KB

  • Sample

    241111-hf1nesvdlp

  • MD5

    9ffa5221aed67039ff10188709cb6187

  • SHA1

    b52f2106bd487b3eb8779292a73e2ee41108a616

  • SHA256

    de33e330be3964c06bd3a3b3cc0170d7cba80c4344fef09c4f9aa241dbc5e8c2

  • SHA512

    511da8521122d60d1667b916b6754145297240f9babd629ce24a9b58f9562477f37a2fb74ad026964eb0dfa76b5a2c62a8c2084f470c349caa731c1107682bcd

  • SSDEEP

    12288:7y90wGSYMZJis4AKb5x7htBv8M98e2C7CGjUANBlbLqt+78g:7yXxnR4r7Dv9n2yAANDbutu8g

Malware Config

Targets

    • Target

      de33e330be3964c06bd3a3b3cc0170d7cba80c4344fef09c4f9aa241dbc5e8c2.exe

    • Size

      691KB

    • MD5

      9ffa5221aed67039ff10188709cb6187

    • SHA1

      b52f2106bd487b3eb8779292a73e2ee41108a616

    • SHA256

      de33e330be3964c06bd3a3b3cc0170d7cba80c4344fef09c4f9aa241dbc5e8c2

    • SHA512

      511da8521122d60d1667b916b6754145297240f9babd629ce24a9b58f9562477f37a2fb74ad026964eb0dfa76b5a2c62a8c2084f470c349caa731c1107682bcd

    • SSDEEP

      12288:7y90wGSYMZJis4AKb5x7htBv8M98e2C7CGjUANBlbLqt+78g:7yXxnR4r7Dv9n2yAANDbutu8g

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks