General

  • Target

    20534b3ed99dc4cee3d3af16ff2463e57c39a176d28ff4d7581539b485a3bc2c

  • Size

    414KB

  • Sample

    241120-zmat1stemj

  • MD5

    35e90dbe161f241c70da51698db44dae

  • SHA1

    02f402480482d2b7aad7a50af7f8e6d06811346c

  • SHA256

    20534b3ed99dc4cee3d3af16ff2463e57c39a176d28ff4d7581539b485a3bc2c

  • SHA512

    b9a30ec63db894504d0e917c1ff2f6faa2acfffc013e038fa559aac1813fcd35085f9911fefb676488d2ea892f1485437de1585d82d39a70a716cc3e11e93874

  • SSDEEP

    12288:0y90XGt2QrKV9OLf5FRzXZtRhvCHc2DRf9LP:0yh2YK/OLfNFhIdRP

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks