General

  • Target

    dbf6ef3a098bfd1e1b927a2e6293227f72a6766ea83dff6501667c0c2e2c57b4N.exe

  • Size

    694KB

  • Sample

    241113-yfjmxa1pgr

  • MD5

    e6dc6eff5bb650896da5188397838770

  • SHA1

    e66ba42df7957c5402eaad83e88012da091d30ff

  • SHA256

    dbf6ef3a098bfd1e1b927a2e6293227f72a6766ea83dff6501667c0c2e2c57b4

  • SHA512

    fbb1136e75c60f028c809dad3709a1286613cd6f84a170b76b32ecdbb90731d46ba683756011bbbfe9a599abf320c140827e692337b5af7782fe8609bf333b80

  • SSDEEP

    12288:dy90Jjtgh4h/q0gHedUuZh8nK1gmbQQZRhurH20iDre7m16NWk0OVQ3:dyctgh4gT8UuZj+mbjjSP8e7UoWcQ3

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks