General

  • Target

    0b4aea3b555b3f1347cc483889eaeeab64399fe4fc3b819d81b647ec050cfd46N.exe

  • Size

    468KB

  • Sample

    241112-zawkyszkcs

  • MD5

    5040e9e79b2a8bf035607d4465e7edd0

  • SHA1

    305636e563dd2b156ceb833c9d5e6b531d336a5b

  • SHA256

    0b4aea3b555b3f1347cc483889eaeeab64399fe4fc3b819d81b647ec050cfd46

  • SHA512

    b7cd324ce40b019aa5ef77313b5a41fd240dbd5299e4106b1884bdf880e088868ceaf46e9f3538595be2ac639762722e0c03317d3847c10938afc770998478b8

  • SSDEEP

    6144:3Op0yN90QE2Ka1nNlD/l23fdQ0rli11wVKY1D9M3hqjxjceq5VhKc5UkqeiVqq:/y908nlB2/A8VKQK3Cceq5NgFVqq

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks