General

  • Target

    0a46fccbbd65dd5e0be4a68a72ba35ab76635ff0b8929a61465d5dec9c609b8bN.exe

  • Size

    412KB

  • Sample

    241113-pdr2ts1mav

  • MD5

    fd0b9715551be210b7dec38d37e95560

  • SHA1

    033a2e7c207494f51ae16f210169f7793546164e

  • SHA256

    0a46fccbbd65dd5e0be4a68a72ba35ab76635ff0b8929a61465d5dec9c609b8b

  • SHA512

    63f0bea072a5f510f027e807ecdccb2fd6f8245a7a51d728cd36a2c39813d5bf991058e159901806013327c683ed4440e98dc1647dfb42c88d8fc509a72e6cba

  • SSDEEP

    12288:Iy90CIpv1/YoItPfrF9miDZvsyIiytLDmQ:IyNUqDfB9midvjEl

Malware Config

Targets

    • Target

      0a46fccbbd65dd5e0be4a68a72ba35ab76635ff0b8929a61465d5dec9c609b8bN.exe

    • Size

      412KB

    • MD5

      fd0b9715551be210b7dec38d37e95560

    • SHA1

      033a2e7c207494f51ae16f210169f7793546164e

    • SHA256

      0a46fccbbd65dd5e0be4a68a72ba35ab76635ff0b8929a61465d5dec9c609b8b

    • SHA512

      63f0bea072a5f510f027e807ecdccb2fd6f8245a7a51d728cd36a2c39813d5bf991058e159901806013327c683ed4440e98dc1647dfb42c88d8fc509a72e6cba

    • SSDEEP

      12288:Iy90CIpv1/YoItPfrF9miDZvsyIiytLDmQ:IyNUqDfB9midvjEl

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks