General

  • Target

    a13299993618cfc31aa404fc776308e6e488c595d7fb9fcd55349f72e304819c

  • Size

    609KB

  • Sample

    241117-jvz6wazjcn

  • MD5

    e985d11c6ba843f8d3c8c4e974458dfe

  • SHA1

    8cd7690d1e6c0bfa98bf14acede9ab4cb33bdcb1

  • SHA256

    a13299993618cfc31aa404fc776308e6e488c595d7fb9fcd55349f72e304819c

  • SHA512

    55758bb2b1a662fd10bad01ae107e336474782c7ee3c6364e085b9c6c0dd3f43544ad5db0a6d52d84903f7213aabe4163a3a2dbd41d3b558fa36c400b4d3bb87

  • SSDEEP

    12288:oy90iRcJwBRQvkebkx6640InDzmmg+Qrc2A3K61Q:oytWwBRLQkEj0QD6JrNAamQ

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks