General

  • Target

    a13c09f38bd12fb44448088651ab8f469f871b0f46fd0bdf50fb4058a7aa84b7

  • Size

    479KB

  • Sample

    241111-hs61zaymck

  • MD5

    70965e27bfb0230d6f9f18fe707f3a04

  • SHA1

    8cd36fbdb1da8adb865a00dc1f34ef401962ef04

  • SHA256

    a13c09f38bd12fb44448088651ab8f469f871b0f46fd0bdf50fb4058a7aa84b7

  • SHA512

    e522cea64f7f7aa6d838c5bff660b3f64de580ad2e0f14b3f0b4cd2e98e7da8f2d506f365f5f5fc3b7bbe4661b7ac3ab59507695566d1c321f549068f3a5d49a

  • SSDEEP

    12288:GMrUy9092CH078o5c1u31ITcx7kLOQbDPjNQDjXkYiHu:my5CH07bXiTqGpDP5p3u

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks