General

  • Target

    f1220e914c39781f5fac74632b0c6d740c866906214925b183b36b2c9b79366cN.exe

  • Size

    1.0MB

  • Sample

    241112-x646vszbnp

  • MD5

    acb16970bfd637a054a0a8ab85aadfe0

  • SHA1

    1c5050b02446eb832a69bb3d2a0142859953269c

  • SHA256

    f1220e914c39781f5fac74632b0c6d740c866906214925b183b36b2c9b79366c

  • SHA512

    d932f7b958186d957c97af297b5d1a06df3e5346b506e2bd4686795362fcea423e0ebe7383f32f9e15e68557f6a9bb5e086b4524899a2949dc6b59bdc68c1ba5

  • SSDEEP

    24576:WypgdwClFj/RMR1A59KDM9DIppZdoqGRyohWD3:lwFt/mLA59KecpjdXEY

Malware Config

Targets

    • Target

      f1220e914c39781f5fac74632b0c6d740c866906214925b183b36b2c9b79366cN.exe

    • Size

      1.0MB

    • MD5

      acb16970bfd637a054a0a8ab85aadfe0

    • SHA1

      1c5050b02446eb832a69bb3d2a0142859953269c

    • SHA256

      f1220e914c39781f5fac74632b0c6d740c866906214925b183b36b2c9b79366c

    • SHA512

      d932f7b958186d957c97af297b5d1a06df3e5346b506e2bd4686795362fcea423e0ebe7383f32f9e15e68557f6a9bb5e086b4524899a2949dc6b59bdc68c1ba5

    • SSDEEP

      24576:WypgdwClFj/RMR1A59KDM9DIppZdoqGRyohWD3:lwFt/mLA59KecpjdXEY

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks