General

  • Target

    116800c06cb6becdf6fe6f74c971fd7caa41a72d4d7cf2751c1783cc6b7685c6.exe

  • Size

    406KB

  • Sample

    241112-xklsdsxpd1

  • MD5

    573250db801a3fb9f86927e58914d438

  • SHA1

    6fe10b84b9d2e6e1ddf2f6af7ee34bc5a9850d32

  • SHA256

    116800c06cb6becdf6fe6f74c971fd7caa41a72d4d7cf2751c1783cc6b7685c6

  • SHA512

    362a614a86e0ad174af92ad41a81c34e532fcea24ec02ed01c9996e0728dd520cb12827d3f8f0e3a499c3dd4cf36520f4b5708b4b9e8a0804a04dd308917b71a

  • SSDEEP

    12288:py905Y9AWuq+phUKXFTn1B0udVJvlVo5t:pyHabPRikVut
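
The digests above are the identity of this sample; before detonating, sharing, or hunting for a file you believe is this one, confirm it matches. The following is an added example, not part of the sandbox report: it recomputes MD5, SHA1, SHA256 and SHA512 in a single pass and reports every digest that disagrees with the report. `verify_file` and `verify_bytes` are names chosen here, not tooling from the report. SSDEEP is left out because it needs a third-party library and a fuzzy hash is compared by similarity score, not equality.

```python
"""Check that a file on disk is the sample described in the report.

Added example (not from the sandbox report). Computes all four exact digests
in one read of the file and returns the ones that do not match.
"""
import hashlib
import sys
from typing import Dict, Iterable, Tuple

# Digests copied from the report's General section.
REPORT_DIGESTS: Dict[str, str] = {
    "md5": "573250db801a3fb9f86927e58914d438",
    "sha1": "6fe10b84b9d2e6e1ddf2f6af7ee34bc5a9850d32",
    "sha256": "116800c06cb6becdf6fe6f74c971fd7caa41a72d4d7cf2751c1783cc6b7685c6",
    "sha512": (
        "362a614a86e0ad174af92ad41a81c34e532fcea24ec02ed01c9996e0728dd520"
        "cb12827d3f8f0e3a499c3dd4cf36520f4b5708b4b9e8a0804a04dd308917b71a"
    ),
}


def digest_chunks(chunks: Iterable[bytes], algos: Tuple[str, ...]) -> Dict[str, str]:
    """Feed every chunk to every hasher once, so a large file is read a single time."""
    hashers = {a: hashlib.new(a) for a in algos}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def mismatches(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Map algo -> (expected, actual) for each digest that disagrees; empty dict means match."""
    return {
        a: (expected[a].lower(), actual[a])
        for a in expected
        if expected[a].lower() != actual[a]
    }


def verify_bytes(data: bytes, expected: Dict[str, str] = REPORT_DIGESTS) -> Dict[str, Tuple[str, str]]:
    return mismatches(digest_chunks([data], tuple(expected)), expected)


def verify_file(path: str, expected: Dict[str, str] = REPORT_DIGESTS, chunk: int = 1 << 20) -> Dict[str, Tuple[str, str]]:
    with open(path, "rb") as f:
        actual = digest_chunks(iter(lambda: f.read(chunk), b""), tuple(expected))
    return mismatches(actual, expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-suspected-sample>
    bad = verify_file(sys.argv[1])
    if not bad:
        print("MATCH: file is the sample described in the report")
    else:
        for algo, (want, got) in bad.items():
            print(f"MISMATCH {algo}: expected {want} got {got}")
        sys.exit(1)
```

A mismatch on one algorithm but not the others almost always means a transcription error in the expected value rather than a different file; a mismatch on all four means you are holding a different binary, possibly a repacked variant, and the report's behaviour should not be assumed to apply.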

Targets

    • Target

      116800c06cb6becdf6fe6f74c971fd7caa41a72d4d7cf2751c1783cc6b7685c6.exe

    • Size

      406KB

    • MD5

      573250db801a3fb9f86927e58914d438

    • SHA1

      6fe10b84b9d2e6e1ddf2f6af7ee34bc5a9850d32

    • SHA256

      116800c06cb6becdf6fe6f74c971fd7caa41a72d4d7cf2751c1783cc6b7685c6

    • SHA512

      362a614a86e0ad174af92ad41a81c34e532fcea24ec02ed01c9996e0728dd520cb12827d3f8f0e3a499c3dd4cf36520f4b5708b4b9e8a0804a04dd308917b71a

    • SSDEEP

      12288:py905Y9AWuq+phUKXFTn1B0udVJvlVo5t:pyHabPRikVut

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
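
Three of the signatures above describe host behaviour that can be hunted for in endpoint telemetry: a Defender real-time protection policy being disabled, a Run key being written, and a freshly written executable being launched. The block below is an added example, not part of the sandbox report and not the sandbox's own signature logic. It runs those three checks over Sysmon-style events (ID 11 FileCreate, ID 1 ProcessCreate, ID 13 RegistryEvent value set). The events are constructed for the example; the dropped-file names `healer.exe` and `updater.exe` are hypothetical. The registry locations used are the Defender policy key `HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection` and the `...\CurrentVersion\Run` autostart key.

```python
"""Hunt for the three host behaviours flagged above in Sysmon-style events.

Added example (not from the sandbox report). Events are constructed here;
field names follow Sysmon's Image / TargetObject / TargetFilename / Details.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

Event = Dict[str, str]

# Sysmon records a REG_DWORD value in Details as "DWORD (0x00000001)".
_DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")

# Policy values under ...\Windows Defender\Real-Time Protection that switch
# real-time protection components off when set to 1.
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
DEFENDER_RTP_KEY = "\\Windows Defender\\Real-Time Protection\\"
RUN_KEY_MARKER = "\\CurrentVersion\\Run\\"


def dword_value(details: str) -> Optional[int]:
    """Decode a Sysmon DWORD Details string; None for strings and other types."""
    m = _DWORD_RE.search(details)
    return int(m.group(1), 16) if m else None


def triage(events: Iterable[Event]) -> List[Tuple[str, str]]:
    """Return (signature, evidence) pairs in the order the evidence appears."""
    hits: List[Tuple[str, str]] = []
    dropped: Dict[str, str] = {}  # lower-cased path of written .exe -> writer image
    for ev in events:
        eid = ev["EventID"]
        if eid == "11":  # FileCreate: remember every executable written to disk
            path = ev["TargetFilename"]
            if path.lower().endswith(".exe"):
                dropped[path.lower()] = ev["Image"]
        elif eid == "1":  # ProcessCreate: did a previously written .exe start?
            img = ev["Image"]
            if img.lower() in dropped:
                hits.append(("Executes dropped EXE", f"{img} (written by {dropped[img.lower()]})"))
        elif eid == "13":  # RegistryEvent (Value Set)
            target = ev["TargetObject"]
            value_name = target.rsplit("\\", 1)[-1]
            if DEFENDER_RTP_KEY in target and value_name in DEFENDER_RTP_VALUES \
                    and dword_value(ev["Details"]) == 1:
                hits.append(("Modifies Windows Defender Real-time Protection settings", target))
            elif RUN_KEY_MARKER in target:
                hits.append(("Adds Run key to start application", f"{target} = {ev['Details']}"))
    return hits


# Constructed events (not from the report). The first image is the report's target name.
SAMPLE = r"C:\Users\victim\Desktop\116800c06cb6becdf6fe6f74c971fd7caa41a72d4d7cf2751c1783cc6b7685c6.exe"
DROPPED = r"C:\Users\victim\AppData\Local\Temp\healer.exe"  # hypothetical name
SAMPLE_EVENTS: List[Event] = [
    {"EventID": "11", "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": "1", "Image": DROPPED, "ParentImage": SAMPLE},
    {"EventID": "13", "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": "13", "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    # Benign counter-example: setting the policy back to 0 must not fire.
    {"EventID": "13", "Image": r"C:\Windows\System32\gpupdate.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]

if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_EVENTS):
        print(f"[{sig}] {evidence}")
```

The dropped-EXE check keys on the file path only, so a sample that writes a file and later runs a different binary at the same path is still caught; the cost is that a legitimate installer writing and launching its own helper will also match, which is why the sandbox treats this as one signal among several rather than a verdict on its own.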

MITRE ATT&CK Enterprise v15
