General

  • Target

    287c9660c07ac4675a47677458b15f818558daffa39761f0672a7da1ed5c1a65.exe

  • Size

    568KB

  • Sample

    241125-hkmx5aznbl

  • MD5

    9c7a6959f8895c9b1a23bb1b81a6f4a7

  • SHA1

    562f4c2035ba88fb4e0838f11a71ad459c744725

  • SHA256

    287c9660c07ac4675a47677458b15f818558daffa39761f0672a7da1ed5c1a65

  • SHA512

    12abe3a40eac564ecf78da56e1fc92e05bbe51da530f6e27aebb53520d9dabffdc500ec22eb1ae260d1f967a82e7128c7aee2cd0132340e57c11c9c37ec0f21b

  • SSDEEP

    12288:/y9098+PIfhtGltMHDbTPBT5t5eYIeioiek4LNARp0x:/yeUGltCXFVt5eYIFQnWRp0x

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks