General

  • Target

    6590974e71a7b54d9a65ee9a4864932afe9ef6ed9f0f0cbc23fef475f955ed84N.exe

  • Size

    409KB

  • Sample

    241112-x2e16ssmgp

  • MD5

    0011da2f33cb92a04809643811462330

  • SHA1

    4e6e97a8af39ef1949ce2ac13d5704c8eaa8a979

  • SHA256

    6590974e71a7b54d9a65ee9a4864932afe9ef6ed9f0f0cbc23fef475f955ed84

  • SHA512

    10c520aa965542e260723dfc831fb916fdc4312c085c7c594c4e959d4f11858098c2fbad10597e0a2e8e29729ff196683bd9ff192480c4e348069879f5c2ec14

  • SSDEEP

    6144:Zxp0yN90QEsS1gF96OZvJu8Tiz7xEsamwer5A7DCpS0Ko4bPeav9baMuwZ:6y90mignK8uREfmpl8L0roeagsZ

Malware Config

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks