General

  • Target

    6f7e84c69125f129805352dc302086c4f50851441cbd6d8150fedb85eff9699a

  • Size

    685KB

  • Sample

    241111-hkzxpaylaj

  • MD5

    fdfe8e39d4b278956280d68a3e2da8e4

  • SHA1

    1b25ccb0cfda518ab32ee6fed1fad63cc543a9dc

  • SHA256

    6f7e84c69125f129805352dc302086c4f50851441cbd6d8150fedb85eff9699a

  • SHA512

    0afbd0d860278b1cc6205e66b6e5e175c4f48a43c44f953830bf526d90c9a0d9392f13a015255726dc958248572db0f5b6bd1d6247e46b33c0a6bc90636de075

  • SSDEEP

    12288:7y90OqI4DnLzpMPXAFTyCSagpuXbkNvwYgXV5uyyx/7phqcvZ2:7yO1nLFFSkuwfXruj1FvZ2

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks