General

  • Target

    d971b6b7b6ef9adea7aae6afe34d833574ab9bf94c854beb8bf83feb75e2ee9dN.exe

  • Size

    1.2MB

  • Sample

    241117-tkdj8stdnj

  • MD5

    b7060e26bf8c1098e6eb5a6a6bb7acd0

  • SHA1

    05bd387ae2ebba3064699d80857b5c8f2ad7d156

  • SHA256

    d971b6b7b6ef9adea7aae6afe34d833574ab9bf94c854beb8bf83feb75e2ee9d

  • SHA512

    a0d340b999cd2fd61f61941d952eb878392fb7018539e632509471ecdcbb5e31e36c0a5266393186fdd7f5569e40145da85ac0cfd1bb52ea2ff540c07dcb6aca

  • SSDEEP

    24576:tydqSZ2zygDQk6kyp09AEHF/emcVgqOXqC5CqcsD7YsYvDlB7f6EIiK9:IdXZ223kyp+ldcVgPaC56tsYvhB7ia

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks