General

  • Target

    b5e7a0c012504e94852b2f77f00ca4d845fb9bc9a98b0d059b939c9930eb5349

  • Size

    695KB

  • Sample

    241111-hke8aavdqr

  • MD5

    78f1ba1a47508a147b182b60f2bfb077

  • SHA1

    721e0ff4ca67f8c4e40fb66de637fc810d4bbc62

  • SHA256

    b5e7a0c012504e94852b2f77f00ca4d845fb9bc9a98b0d059b939c9930eb5349

  • SHA512

    bc3ed25932bc656c552d16340332d6b155b21bd7f49b6cbe0f1bcee023f8fd93bd7953b8de4ae29c076f2d968185f26a4754e1bfffefdbb68c52dc6c729bf283

  • SSDEEP

    12288:4y90+RurF6xKOIbojIqcepZ59M98mUXVNH7B/WAP52qdpfp:4yZyOBL9+SNH7B+A3dhp

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
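
The behaviour signatures above are emitted by the sandbox; the report does not show the rule logic behind them. The following Python detector is an added example, not the sandbox's own rules, that applies the two registry-based checks ("Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application") to a handful of constructed registry-write events. The `pid|operation|key|value|data` line format is an assumption made for the example; the registry paths are the standard Windows Defender Real-Time Protection policy key and the per-user and machine-wide Run/RunOnce keys. A `Disable*` value written as 0 (which re-enables a component) and a deleted Run entry are deliberately not flagged.

```python
import re
from dataclasses import dataclass

# Constructed sandbox registry events (pid|operation|key|value name|data).
# These lines are made up for this example and are not events from the report above.
SAMPLE_EVENTS = r"""
2540|RegSetValue|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection|DisableRealtimeMonitoring|1
2540|RegSetValue|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection|DisableBehaviorMonitoring|1
2540|RegSetValue|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection|DisableIOAVProtection|0
3120|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater|C:\Users\user\AppData\Roaming\updater.exe
3120|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden|1
3120|RegDeleteValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|OldEntry|
"""


@dataclass(frozen=True)
class RegEvent:
    pid: int
    op: str
    key: str
    value: str
    data: str


def parse_events(text: str) -> list[RegEvent]:
    """Parse the assumed pipe-separated event format; data may itself contain '|'."""
    events = []
    for line in text.strip().splitlines():
        pid, op, key, value, data = line.split("|", 4)
        events.append(RegEvent(int(pid), op, key, value, data))
    return events


# Defender Real-Time Protection policy key (HKLM, with or without the Policies hive)
# and the DWORD values that switch individual components off when set non-zero.
DEFENDER_RTP_KEY = re.compile(
    r"^(HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection$",
    re.IGNORECASE,
)
DEFENDER_DISABLE_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring", "disableonaccessprotection",
    "disablescanonrealtimeenable", "disableioavprotection",
}

# Per-user and machine-wide Run/RunOnce keys used for logon persistence.
RUN_KEY = re.compile(
    r"^(HKCU|HKEY_CURRENT_USER|HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
    re.IGNORECASE,
)

SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_RUNKEY = "Adds Run key to start application"


def _is_nonzero(data: str) -> bool:
    """True for DWORD-style data such as '1' or '0x1'; False for '0' or non-numeric data."""
    try:
        return int(data.strip(), 0) != 0
    except ValueError:
        return False


def match_signatures(events: list[RegEvent]) -> dict[str, list[RegEvent]]:
    """Return the signatures that fire, each with the events that triggered it."""
    hits: dict[str, list[RegEvent]] = {SIG_DEFENDER: [], SIG_RUNKEY: []}
    for ev in events:
        if ev.op != "RegSetValue":  # deletions and reads never count as modification here
            continue
        if (DEFENDER_RTP_KEY.match(ev.key)
                and ev.value.lower() in DEFENDER_DISABLE_VALUES
                and _is_nonzero(ev.data)):
            hits[SIG_DEFENDER].append(ev)
        elif RUN_KEY.match(ev.key) and ev.data.strip():
            hits[SIG_RUNKEY].append(ev)
    return {sig: evs for sig, evs in hits.items() if evs}


def scan(text: str) -> dict[str, list[RegEvent]]:
    return match_signatures(parse_events(text))


if __name__ == "__main__":
    for sig, evs in scan(SAMPLE_EVENTS).items():
        print(sig)
        for ev in evs:
            print(f"  pid {ev.pid}: {ev.key}\\{ev.value} = {ev.data}")
```

Run against the constructed events, the Defender signature fires twice (for process 2540) and the Run-key signature once (for process 3120); the `Explorer\Advanced` write and the deleted `OldEntry` value are ignored. Matching on the key path with an anchored regex rather than a substring check is what keeps unrelated keys under `CurrentVersion` out of the Run-key hit list.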
