General

  • Target

    3182d166871e3ed243309c8b8048d05d517ce04c31db4204778e851d46323acd.exe

  • Size

    706KB

  • Sample

    241113-pb4b3s1gqa

  • MD5

    34ef10852858bd32007422e56ce7edc4

  • SHA1

    3e30657ca855853b07ed32e4eba8cd6fcd151410

  • SHA256

    3182d166871e3ed243309c8b8048d05d517ce04c31db4204778e851d46323acd

  • SHA512

    6ecc7fd85d9a1e40a2a0c0094ba26e0577dbe0a5840dc2fb6e901d424f45b192f26e97afd8876dc20ab7dc937b31d390ffcf14f4db2b7e445cc4252d7d545104

  • SSDEEP

    12288:Ry907EKrFJ5Tz8vJZTYprYwMROWPT1RrXZtRhv8NcpCKBKH2gUdBM:Ry3oFJ5/8xZ0prYxsWP7FhgxULM

Malware Config

Targets

    • Target

      3182d166871e3ed243309c8b8048d05d517ce04c31db4204778e851d46323acd.exe

    • Size

      706KB

    • MD5

      34ef10852858bd32007422e56ce7edc4

    • SHA1

      3e30657ca855853b07ed32e4eba8cd6fcd151410

    • SHA256

      3182d166871e3ed243309c8b8048d05d517ce04c31db4204778e851d46323acd

    • SHA512

      6ecc7fd85d9a1e40a2a0c0094ba26e0577dbe0a5840dc2fb6e901d424f45b192f26e97afd8876dc20ab7dc937b31d390ffcf14f4db2b7e445cc4252d7d545104

    • SSDEEP

      12288:Ry907EKrFJ5Tz8vJZTYprYwMROWPT1RrXZtRhv8NcpCKBKH2gUdBM:Ry3oFJ5/8xZ0prYxsWP7FhgxULM

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks