General

  • Target

    b26708b536b84b29206892b9c19201f579f93970b60afd7bb8358f99f17481c6.exe

  • Size

    488KB

  • Sample

    241113-rvnrvaxjdl

  • MD5

    6b160676a8338aadd68db9a779b7c924

  • SHA1

    8603d386e2ac4ff6e196c92ae44b99cff6105d94

  • SHA256

    b26708b536b84b29206892b9c19201f579f93970b60afd7bb8358f99f17481c6

  • SHA512

    ea909f66f6935251f3a303df9c58d8a37ba1733ad69145465f690e78287dd5b374c465ce5c4dc9d4a039cd9c33dfa797c79a92bad29727cfeeebc987ee6e5da9

  • SSDEEP

    12288:/y90FyKZqLtM1R3qQ/l/VHrLEziwU/HtF:/yN21RFLLsiFtF

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks