General

  • Target

    f27121d70a03997c8cdb31ccc8f75550349dfd096551d7b4839c20b46b637cbf.exe

  • Size

    608KB

  • Sample

    241112-x1a1tsxrh1

  • MD5

    64b940746d57a89fbcbd8ab6079cecc4

  • SHA1

    57b753e12672bc4b62d77b2077f1536a0b009b57

  • SHA256

    f27121d70a03997c8cdb31ccc8f75550349dfd096551d7b4839c20b46b637cbf

  • SHA512

    d61ddb72ffa7080f372ddd6799628bdca4bcdbf1f3e5299646b6e920caf00ac8f7ce83121260ffd82f43ce262b8a6e2a00761c5733ce9fac5afacc026a19c1e6

  • SSDEEP

    12288:Ky90lqrPkMy8ptvNUFvtevgSlUoNtDZs3E4Y90:KyfwUvu6ll1tP480

Malware Config

Targets

    • Target

      f27121d70a03997c8cdb31ccc8f75550349dfd096551d7b4839c20b46b637cbf.exe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
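The three behaviours flagged above (Defender real-time protection tampering, Run-key persistence, and execution of a dropped EXE) are what a responder checks for on a suspect host. The following PowerShell triage script is an added example and is not part of the sandbox report or of any tool it references; it assumes an elevated session on Windows 10/11 with Microsoft Defender, and the policy value names and drop-location list are the author's assumptions about where this kind of dropper writes, not facts taken from this report. The SHA256 it matches against is the one listed for the sample above.

```powershell
# Added triage example, not from the sandbox report. Checks a Windows host for the
# behaviours the report flags and for the reported sample by SHA256.
# Assumptions: elevated PowerShell on Windows 10/11 with Microsoft Defender installed;
# $TamperValues and $ScanRoots are the author's guesses at typical tampering targets
# and drop locations, extend them from your own telemetry.

$ReportedSha256 = 'f27121d70a03997c8cdb31ccc8f75550349dfd096551d7b4839c20b46b637cbf'
$Findings = New-Object System.Collections.Generic.List[string]

# 1. Defender real-time protection: effective state from the Defender cmdlet, plus the
#    Group Policy registry values a dropper can write to force it off.
try {
    $mp = Get-MpPreference -ErrorAction Stop
    if ($mp.DisableRealtimeMonitoring) {
        $Findings.Add('Defender real-time monitoring is disabled (Get-MpPreference)')
    }
} catch {
    $Findings.Add("Get-MpPreference failed: $($_.Exception.Message)")
}

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$TamperValues = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
                'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable',
                'DisableIOAVProtection'
if (Test-Path $PolicyKey) {
    $policy = Get-Item -Path $PolicyKey
    foreach ($name in $TamperValues) {
        if ($policy.GetValue($name) -eq 1) {
            $Findings.Add("Policy value $name=1 under $PolicyKey")
        }
    }
}

# 2. Run-key persistence: enumerate autorun values in the machine and user Run keys and
#    flag commands that point into user-writable locations, where dropped payloads land.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $cmd = [string]$regKey.GetValue($name)
        if ($cmd -match '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\') {
            $Findings.Add("Run entry '$name' -> $cmd ($key)")
        }
    }
}

# 3. Dropped-EXE check: hash every .exe under the usual drop roots and compare with the
#    reported sample. A match is a strong indicator; no match does not clear the host,
#    since the dropped second stage will have a different hash than the dropper.
$ScanRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData)
foreach ($root in $ScanRoots) {
    if (-not $root -or -not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            if ($h -and $h.ToLower() -eq $ReportedSha256) {
                $Findings.Add("SHA256 match for reported sample: $($_.FullName)")
            }
        }
}

if ($Findings.Count -eq 0) { 'No findings.' } else { $Findings }
```

Run it from an elevated prompt; the policy key check reads the Group Policy hive, which an unprivileged user may not be able to read. Treat a disabled-monitoring finding together with a recent Run-key entry into AppData or Temp as the combination worth escalating, since either alone has benign explanations.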

MITRE ATT&CK Enterprise v15

Tasks