General

  • Target

    17d0b254444653de3dd454414c5e6edafc23d7ff6848ce0822f7b4963fc71c1d

  • Size

    563 KB

  • Sample

    241111-hj2d5atqd1

  • MD5

    389d7b56485db298ff6243cfef99b812

  • SHA1

    388ede02df8e96b96cc0fc558e4310a01f92d7d0

  • SHA256

    17d0b254444653de3dd454414c5e6edafc23d7ff6848ce0822f7b4963fc71c1d

  • SHA512

    92cd3f49a0bd83c807a719151d61b707c98af76327e67208caf19ce6f182d394cae0582061bc0fde5e399a1387591e7f1c409abf182113c206c25aa841a63eeb

  • SSDEEP

    12288:by90m7CvbYC3biGpQULl1GMSxuoVQI67kG8EU+eywmZ:by1Ovb5rhl2xhV5u8EUPa
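The hashes above identify the sample; a practitioner who has a file in hand and wants to know whether it is this one should recompute every digest and compare, rather than trusting a filename or a single weak hash. The following script is an added example, not code from the original report or from the sandbox vendor. It embeds the MD5, SHA-1, SHA-256 and SHA-512 values listed above, hashes a file in chunks so large binaries do not have to be read into memory, and treats the file as a match only if all four digests agree (SSDEEP is omitted because it needs a third-party library). The sample path in the usage line is an assumption.

```python
import hashlib
from pathlib import Path

# Digests exactly as listed in the report above (hex, lower case).
REPORTED = {
    "md5": "389d7b56485db298ff6243cfef99b812",
    "sha1": "388ede02df8e96b96cc0fc558e4310a01f92d7d0",
    "sha256": "17d0b254444653de3dd454414c5e6edafc23d7ff6848ce0822f7b4963fc71c1d",
    "sha512": (
        "92cd3f49a0bd83c807a719151d61b707c98af76327e67208caf19ce6f182d394"
        "cae0582061bc0fde5e399a1387591e7f1c409abf182113c206c25aa841a63eeb"
    ),
}


def digest_bytes(data: bytes) -> dict:
    """Compute every algorithm in REPORTED over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Compute every algorithm in REPORTED over a file, one pass, chunked."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests: dict, reported: dict = REPORTED) -> dict:
    """Per-algorithm comparison; hex case is irrelevant so compare lower-cased."""
    return {
        name: digests.get(name, "").lower() == expected.lower()
        for name, expected in reported.items()
    }


def is_reported_sample(digests: dict, reported: dict = REPORTED) -> bool:
    """True only when every listed digest matches; one mismatch means a different file
    (or a transcription error in the IOC list, which is worth knowing too)."""
    return all(match_report(digests, reported).values())


if __name__ == "__main__":
    # Assumed path to a quarantined copy; adjust to your own environment.
    candidate = Path("./quarantine/sample.bin")
    if candidate.exists():
        result = match_report(digest_file(candidate))
        for algo, ok in result.items():
            print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
        print("verdict:", "this sample" if all(result.values()) else "not this sample")
```

If only some of the digests match, do not assume a near miss: a file either is this sample or it is not. A partial match points at a copy-paste error in the indicator list, and the SHA-256 should be treated as the authoritative value.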

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
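Two of the signatures above, "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application", are registry behaviours that a responder can look for in host telemetry (Sysmon event 13, EDR registry events, or a sandbox's own registry log). The following detector is an added example, not code from the original report or from the sandbox vendor: it encodes the well-known locations behind those two signature names (the Defender Real-Time Protection policy key with its Disable* values set to a non-zero DWORD, and the per-user or machine Run/RunOnce keys) and runs them over a handful of constructed registry-write events. The events, process names and value data are made up for illustration and are not taken from this sample's run.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    """One registry value write, as an EDR or Sysmon (event 13) would record it."""
    process: str
    key: str
    value: str
    data: str


# Policy key Defender honours for real-time protection; a non-zero DWORD in any of
# these values disables the corresponding protection component.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}

# Classic autostart keys under HKLM or HKCU, including the 32-bit view on 64-bit Windows.
RUN_KEY_RE = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$",
    re.IGNORECASE,
)

SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_RUNKEY = "Adds Run key to start application"


def _is_nonzero(data: str) -> bool:
    """Accept '1', '0x1', '0x00000001' and similar; anything unparsable is not a hit."""
    try:
        return int(data.strip(), 0) != 0
    except ValueError:
        return False


def classify(ev: RegEvent) -> list:
    """Return the signature names a single registry write triggers (possibly none)."""
    hits = []
    if (ev.key.lower() == DEFENDER_RTP_KEY.lower()
            and ev.value.lower() in DEFENDER_RTP_VALUES
            and _is_nonzero(ev.data)):
        hits.append(SIG_DEFENDER)
    if RUN_KEY_RE.match(ev.key):
        hits.append(SIG_RUNKEY)
    return hits


def triage(events) -> dict:
    """Group events by the signature they trigger: {signature: [events...]}."""
    report = {}
    for ev in events:
        for sig in classify(ev):
            report.setdefault(sig, []).append(ev)
    return report


# Constructed sample telemetry for illustration; not from the sandbox run on this page.
SAMPLE_EVENTS = [
    RegEvent("dropped.exe", DEFENDER_RTP_KEY, "DisableRealtimeMonitoring", "1"),
    RegEvent("dropped.exe", DEFENDER_RTP_KEY, "DisableBehaviorMonitoring", "0x1"),
    RegEvent("dropped.exe", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
             "Updater", r"C:\Users\Public\dropped.exe"),
    # Benign noise: an Explorer view setting and an admin re-enabling protection.
    RegEvent("explorer.exe", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
             "Hidden", "1"),
    RegEvent("gpupdate.exe", DEFENDER_RTP_KEY, "DisableRealtimeMonitoring", "0"),
]

if __name__ == "__main__":
    for sig, evs in triage(SAMPLE_EVENTS).items():
        print(sig)
        for ev in evs:
            print(f"  {ev.process}: {ev.key}\\{ev.value} = {ev.data}")
```

The Run-key rule on its own is noisy, since legitimate installers write there too; it becomes meaningful in combination with the other signatures on this page, in particular when the writing process is itself a freshly dropped executable ("Executes dropped EXE") and the same process is turning off Defender components. Writing a zero to a Disable* value is deliberately not flagged, because that re-enables protection.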
