General

  • Target

    2208ef66583261319e954f386ed9018fff0cfe67a74c9e4b370b9548d7ff4bb5N.exe

  • Size

    782KB

  • Sample

    241113-rgc37aspdt

  • MD5

    ac22a677d2f81bfbb5dbc36a7034f290

  • SHA1

    7a856e538e20fac5b6fa1225f4f91b18954dbce0

  • SHA256

    2208ef66583261319e954f386ed9018fff0cfe67a74c9e4b370b9548d7ff4bb5

  • SHA512

    682bb189a6bc3a658257d824eb3b4cebce9e55699735e1d75441bddc25282ebb761748901765e948836c12968d648e77cf838b4391aa26d61a2b2b443d57f388

  • SSDEEP

    12288:Oy90hKEJNttApznzb7XfqlN2L+iZD4mM7wWuCVoGRaMo67hNmebmR:Oy4vypTzbrfqWPSdu4oGU67hNmebk

Malware Config

Targets

    • Target

      2208ef66583261319e954f386ed9018fff0cfe67a74c9e4b370b9548d7ff4bb5N.exe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
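
The behaviours listed above (tampering with Windows Defender real-time protection, Run-key persistence, and execution of a dropped executable) map directly onto host telemetry. The following is an added example, not part of the sandbox report or of any detection vendor's rules: a small Python checker that runs the three signatures over constructed Sysmon-style events (EventID 13 registry SetValue, EventID 1 process creation). The registry paths, image names and the SID in the sample events are assumptions chosen to illustrate the signatures; the report names the behaviours but does not state which keys or files this sample actually touched.

```python
import re
from collections import Counter

# Constructed Sysmon-style events, NOT taken from the sandbox report.
# EventID 13 = registry value set, EventID 1 = process creation.
SAMPLE_EVENTS = [
    {"event_id": 13, "image": r"C:\Users\user\AppData\Local\Temp\svhost.exe",
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000001)"},
    {"event_id": 13, "image": r"C:\Users\user\AppData\Local\Temp\svhost.exe",
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "details": "DWORD (0x00000001)"},
    {"event_id": 13, "image": r"C:\Users\user\AppData\Local\Temp\svhost.exe",
     "target": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Run\svhost",
     "details": r"C:\Users\user\AppData\Local\Temp\svhost.exe"},
    {"event_id": 1, "image": r"C:\Users\user\AppData\Local\Temp\svhost.exe",
     "parent_image": r"C:\Users\user\Desktop\2208ef66583261319e954f386ed9018fff0cfe67a74c9e4b370b9548d7ff4bb5N.exe"},
    # Benign noise: policy engine re-enabling real-time protection (value 0), and
    # Explorer writing a view setting under CurrentVersion\Explorer.
    {"event_id": 13, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000000)"},
    {"event_id": 13, "image": r"C:\Windows\explorer.exe",
     "target": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
    {"event_id": 1, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

# Defender policy values that, when set to 1, switch off parts of real-time protection.
DEFENDER_RTP_KEY = re.compile(
    r"\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\(?P<value>[^\\]+)$", re.I)
RTP_DISABLE_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disableioavprotection", "disablescanonrealtimeenable",
}
DWORD_ONE = re.compile(r"DWORD \(0x0*1\)", re.I)

# Any value written directly under Run or RunOnce is autostart persistence.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)

# Paths an unprivileged user can write to; a dropped payload usually lives here.
USER_WRITABLE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\", re.I)

SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_RUNKEY = "Adds Run key to start application"
SIG_DROPPED = "Executes dropped EXE"


def check_event(ev):
    """Return the list of signature names matched by a single event."""
    hits = []
    if ev["event_id"] == 13:
        m = DEFENDER_RTP_KEY.search(ev["target"])
        if (m and m.group("value").lower() in RTP_DISABLE_VALUES
                and DWORD_ONE.fullmatch(ev["details"])):
            hits.append(SIG_DEFENDER)
        if RUN_KEY.search(ev["target"]):
            hits.append(SIG_RUNKEY)
    elif ev["event_id"] == 1:
        # Process in a user-writable path spawned by a process in a user-writable
        # path: the pattern of a dropper launching what it just wrote to disk.
        if USER_WRITABLE.match(ev["image"]) and USER_WRITABLE.match(ev.get("parent_image", "")):
            hits.append(SIG_DROPPED)
    return hits


def scan(events):
    """Return (signature, image) pairs for every matching event."""
    return [(sig, ev["image"]) for ev in events for sig in check_event(ev)]


def summarize(events):
    """Count matches per signature, the shape a sandbox report presents."""
    return dict(Counter(sig for sig, _ in scan(events)))


if __name__ == "__main__":
    for sig, image in scan(SAMPLE_EVENTS):
        print(f"{sig}: {image}")
    print(summarize(SAMPLE_EVENTS))
```

Two caveats follow from the signature list itself. The "Checks computer location settings" behaviour is a registry read, and Sysmon does not record reads, so that check cannot be reproduced from these events; it needs an API-level trace such as the sandbox's own. And the Defender rule deliberately requires the value to be 1, because the same key is legitimately written back to 0 by policy refresh, which is why the svchost.exe event above is not flagged.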

MITRE ATT&CK Enterprise v15

Tasks