General

  • Target

    373a866fc4e99d8f4bce257c727b71b66b169e8eb149aae03982f30bc3a6d708.exe

  • Size

    783KB

  • Sample

    241117-rc2kzs1jfy

  • MD5

    2fec8b81e427b08658e7b11700643366

  • SHA1

    e1d969415dac386b1b48ce3173fa9daa2d19e1f8

  • SHA256

    373a866fc4e99d8f4bce257c727b71b66b169e8eb149aae03982f30bc3a6d708

  • SHA512

    acb3590b49b6a860552925497179813f2e1fef3238e0fe914ddd5926f0dc372fff1f786d5f983ceb1865614de6927a9e7e1e73133461e8efda21d2d451b75bb7

  • SSDEEP

    12288:Ky90PgZSONOijP/RYh+Ehqg31DXl7bHx4/DIZYV26BNA9VSAFWmVKFaj/t:KyigwOwUvU1DXl72jBN9AFCu/t

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
