General

  • Target

    2e2177d9ef823701c8f6f1d7d2dec7e8ce0ff8ba6a6d01012e32ba5761002a59

  • Size

    749KB

  • Sample

    241113-zpj6gayjgz

  • MD5

    034f57afdff0c6ccc878ea4a4faf5796

  • SHA1

    0ca9c612b0b0e0362db36f40f89d3dfad02ebdc6

  • SHA256

    2e2177d9ef823701c8f6f1d7d2dec7e8ce0ff8ba6a6d01012e32ba5761002a59

  • SHA512

    36a209b17c74c69f7a1faea4f6be739262e5f1570601128ebe490f2fe9d5c16ba07f1f6ee99c22f0b3150faf3048616b82a73b0f41e3099323a846c9030838bd

  • SSDEEP

    12288:ay90uz5B39t9xzMRJIjhE/lN6s7kNu8BFONK0emoaSKtwlxrCBq:ay1z5SjIdElN60psaSKtSBCBq

Malware Config

Targets

    • Target

      2e2177d9ef823701c8f6f1d7d2dec7e8ce0ff8ba6a6d01012e32ba5761002a59

    • Size

      749KB

    • MD5

      034f57afdff0c6ccc878ea4a4faf5796

    • SHA1

      0ca9c612b0b0e0362db36f40f89d3dfad02ebdc6

    • SHA256

      2e2177d9ef823701c8f6f1d7d2dec7e8ce0ff8ba6a6d01012e32ba5761002a59

    • SHA512

      36a209b17c74c69f7a1faea4f6be739262e5f1570601128ebe490f2fe9d5c16ba07f1f6ee99c22f0b3150faf3048616b82a73b0f41e3099323a846c9030838bd

    • SSDEEP

      12288:ay90uz5B39t9xzMRJIjhE/lN6s7kNu8BFONK0emoaSKtwlxrCBq:ay1z5SjIdElN60psaSKtSBCBq

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper: it turns off Windows Defender protection before launching its payload.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
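
The two host-side artifacts the signatures above name, Defender Real-time Protection being switched off and a Run key pointing at a dropped executable, can be checked offline from a registry export. The following is an added example for this report, not code from the sandbox or from either malware family: it parses `reg export` style text, flags the documented Real-Time Protection `Disable*` policy values when they are set to 1, and lists Run-key entries whose command lives in a user-writable drop directory. The `.reg` sample is constructed for the example; the `updater` entry and its path are invented, not indicators from this sample.

```python
"""Offline triage of a registry export for Defender real-time protection
tampering and Run-key persistence. Added example; the SAMPLE_REG text is
constructed, and the updater/12345.exe entry is hypothetical."""
import re

# Documented Real-Time Protection policy values; 1 disables the feature.
# Key: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
# (Set-MpPreference writes the same names under HKLM\SOFTWARE\Microsoft\...,
# so matching on the key suffix catches both locations).
RTP_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
RTP_KEY_SUFFIX = "\\microsoft\\windows defender\\real-time protection"
RUN_KEY_SUFFIX = "\\microsoft\\windows\\currentversion\\run"
# Directories a dropper typically writes its payload to (lower-case, escaped).
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\programdata\\")

# Constructed sample in `reg export` format (not real telemetry).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableIOAVProtection"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"updater"="C:\\Users\\user\\AppData\\Local\\Temp\\12345.exe"
"""


def load_reg_file(path):
    """Read a .reg export; reg.exe writes UTF-16LE with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                keys[current][m.group(1)] = m.group(2)
    return keys


def dword(raw):
    """Decode dword:XXXXXXXX to int; None for non-dword data."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    return int(m.group(1), 16) if m else None


def find_defender_tampering(keys):
    """(key, value) pairs where a Real-Time Protection Disable* value is 1."""
    hits = []
    for path, values in keys.items():
        if not path.lower().endswith(RTP_KEY_SUFFIX):
            continue
        for name, raw in values.items():
            if name in RTP_DISABLE_VALUES and dword(raw) == 1:
                hits.append((path, name))
    return hits


def find_run_key_entries(keys, drop_dirs=DROP_DIRS):
    """(key, name, command) for Run-key values that launch from a drop directory."""
    hits = []
    for path, values in keys.items():
        if not path.lower().endswith(RUN_KEY_SUFFIX):
            continue
        for name, raw in values.items():
            # .reg strings are quoted and backslash-escaped; undo both.
            cmd = raw.strip('"').replace("\\\\", "\\")
            if any(d in cmd.lower() for d in drop_dirs):
                hits.append((path, name, cmd))
    return hits


def triage(text=SAMPLE_REG):
    """Run both checks over one export and return the findings."""
    keys = parse_reg(text)
    return {
        "defender_disabled": find_defender_tampering(keys),
        "run_keys": find_run_key_entries(keys),
    }


if __name__ == "__main__":
    for kind, items in triage().items():
        for item in items:
            print(kind, *item)
```

On a live host the same two checks map to `reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" out.reg` plus an export of each user's `HKCU\...\CurrentVersion\Run`, fed through `load_reg_file`. A value of 0 or an absent value is the clean state; only an explicit 1 is reported, so the check does not fire on hosts where the policy key simply does not exist.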

MITRE ATT&CK Enterprise v15
