General

  • Target

    7fc95b354c6009ab242fb0d3179c4567f3b1ed387e662cd680f37fb8f73ecdc6N.exe

  • Size

    551KB

  • Sample

    241113-pd81ca1hkf

  • MD5

    da633e005b596d34560fa621fc92aa30

  • SHA1

    7dc1c6fa41408a2d0c2501001222684e7699ab46

  • SHA256

    7fc95b354c6009ab242fb0d3179c4567f3b1ed387e662cd680f37fb8f73ecdc6

  • SHA512

    69c996678ef03db7fac2b77d8316486b218991d2040bafa516011589c8afb983ee69c3b76caea98d533225d200d5e6396b17813d74d0986bce1997bbe805dc68

  • SSDEEP

    12288:qy90OlNorYuTxrVsCaCN78RZXZtRhvCNcqrXk:qyhlqrlxryFhO0

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15