General

  • Target

    bac11275526c046c0f5aec2e939fb1b065ba31b0495df5ca5ae2555e938695bc

  • Size

    923KB

  • Sample

    241111-hkydvstqft

  • MD5

    4cccc3c1ea403a4a810cbc4ebb79fa17

  • SHA1

    8b890b39c52f2935fbbfb1d4e1ca2a00af747acd

  • SHA256

    bac11275526c046c0f5aec2e939fb1b065ba31b0495df5ca5ae2555e938695bc

  • SHA512

    baa3073181ef19233cc79a52ee1555154a2f002b95f40e99d4759b19dc45e35c18f4ccf5ea3cb457243febf57c28ab57f97058a827107e486770765bfd5df9a7

  • SSDEEP

    24576:qyDfl/LvlK1iuI6cw+v9tlVrjrUNvZt8YNuF:xDflLM1iu3cwg9tlVrjrUNxt8YN

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks