General

  • Target

    de2d1074849d4f8d1f79afaa0d1407aa28f08c3962eef0fe5aa39481eea09aaf.exe

  • Size

    763KB

  • Sample

    241117-tf782stdjj

  • MD5

    0252476cf6b34142beffbc1a8bf3ed20

  • SHA1

    50fb3b08ad1c5634c276b70066f31740fb8a6478

  • SHA256

    de2d1074849d4f8d1f79afaa0d1407aa28f08c3962eef0fe5aa39481eea09aaf

  • SHA512

    54288056960e6e24689a7f853a472a36695597540e97bf61e522a16157face34c0905efca7dc16f5570672d7767713cc324d7432cbab9893cd2d9f1897375518

  • SSDEEP

    12288:hy90+aQH+HYs/CgGocbJom8i2hNv05tgnAVrE9Skfm3wq87SnbpAT5Bck6:hyxaQqubJgNrs5rE9XfccYb86

Malware Config

Targets

    • Target

      de2d1074849d4f8d1f79afaa0d1407aa28f08c3962eef0fe5aa39481eea09aaf.exe

    • Size

      763KB

    • MD5

      0252476cf6b34142beffbc1a8bf3ed20

    • SHA1

      50fb3b08ad1c5634c276b70066f31740fb8a6478

    • SHA256

      de2d1074849d4f8d1f79afaa0d1407aa28f08c3962eef0fe5aa39481eea09aaf

    • SHA512

      54288056960e6e24689a7f853a472a36695597540e97bf61e522a16157face34c0905efca7dc16f5570672d7767713cc324d7432cbab9893cd2d9f1897375518

    • SSDEEP

      12288:hy90+aQH+HYs/CgGocbJom8i2hNv05tgnAVrE9Skfm3wq87SnbpAT5Bck6:hyxaQqubJgNrs5rE9XfccYb86

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks