General

  • Target

    4577f54ff4ff78c2ca57e9ca2fa157b858222c1165809dfba5d0916a31babf83

  • Size

    827KB

  • Sample

    241111-htblfstrhs

  • MD5

    d778937b4f73fba80dc8550ec37774dd

  • SHA1

    c4f6840c2be5e247b1a05ef0f32329b9434531cb

  • SHA256

    4577f54ff4ff78c2ca57e9ca2fa157b858222c1165809dfba5d0916a31babf83

  • SHA512

    017c6c4f0105117338d9808e1545153a6fd03a1960e2d5423a33ff772e62e1762e473c10815adb8c16114b87fb9c318f3b73091b919c74871677d3c7e29d9334

  • SSDEEP

    12288:5y90vVOIR/HsxmemZk0yLHbwi6f5/mBF/M8YHlmtLd9w5xaaZXfdrLbnAHz6v:5yJIR/Mxm5Zk1wV/mH30m96tfNbAev

Malware Config

Targets

    • Target

      4577f54ff4ff78c2ca57e9ca2fa157b858222c1165809dfba5d0916a31babf83

    • Size

      827KB

    • MD5

      d778937b4f73fba80dc8550ec37774dd

    • SHA1

      c4f6840c2be5e247b1a05ef0f32329b9434531cb

    • SHA256

      4577f54ff4ff78c2ca57e9ca2fa157b858222c1165809dfba5d0916a31babf83

    • SHA512

      017c6c4f0105117338d9808e1545153a6fd03a1960e2d5423a33ff772e62e1762e473c10815adb8c16114b87fb9c318f3b73091b919c74871677d3c7e29d9334

    • SSDEEP

      12288:5y90vVOIR/HsxmemZk0yLHbwi6f5/mBF/M8YHlmtLd9w5xaaZXfdrLbnAHz6v:5yJIR/Mxm5Zk1wV/mH30m96tfNbAev

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks