Overview

overview

10

Static

static

10

k7397966.exe

windows7-x64

10

k7397966.exe

windows10-2004-x64

10

l4254174.exe

windows7-x64

10

l4254174.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9141110020e217ce8868e28c0b9745d0a0c89f295e4d64a6737b5c4ce061023dN.cab

  • Size

    164KB

  • Sample

    241210-tjz2vavlap

  • MD5

    88350259a58b8af4a4ad93e41588ab40

  • SHA1

    66335c133bf27e2b6cd5e9fb7a2065e4b1a2d121

  • SHA256

    9141110020e217ce8868e28c0b9745d0a0c89f295e4d64a6737b5c4ce061023d

  • SHA512

    a8190c23fbd5fed8d17fa3557e1a960c8434c7759b4829e3a289735451325c3be251f7cc5e165927c08b1b32d75d3602191da1b738eedb21534e912a5562b423

  • SSDEEP

    3072:ls/a9eJYTlNn1WFQSd3pmjd+EP+l6dp/soJ4WYqER9sUgnFKvWmB8ijr1:6bYTX1WFTdpGVi6ddsoJtYqE7srnI5r1

Score
10/10
healerredlinediscoverydropperevasioninfostealertrojan

Malware Config

Targets

    • Target

      k7397966.exe

    • Size

      136KB

    • MD5

      e05569942dcc351450da8b213f46057f

    • SHA1

      615ec7c590779fd10533b56c1e577a29fbcd1c98

    • SHA256

      c48bfd1cd7e3a1b17a314590bd306db0bc33a49a07fd831fa5140794ce005d7a

    • SHA512

      ff93cfeea10dc8f2f24c6e8e0260cc7500969be94c345ec74b851c2f23d9ec774bc1273915eda55558e11d0a67c9a1db140b345892b95047e836d466321697a5

    • SSDEEP

      3072:UqUCDIoNVb50yr40gBBsdEu6XYgafJlY:FK4dEu6o

    Score
    10/10
    redlinediscoveryinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline
    behavioral1behavioral2

    • Target

      l4254174.exe

    • Size

      175KB

    • MD5

      bd5418c5f3792bb529f35488c0de7753

    • SHA1

      b6492e648dfacbf8ace3efb21caab02441e69e5f

    • SHA256

      f3f906141767d0b63378f1c4505b59c943c27a60fae38906241f382ab28a8614

    • SHA512

      16b22e35ee02c34bec4584464f48916b1d0548095cbc6d385550a4772cd7fb7877c51d0747b557b84f2f58b82108de012c7d6843bbfa119348d816c1a07c8775

    • SSDEEP

      3072:/DKW1LgppLRHMY0TBfJvjcTp5XDElD5PbUXukcu/9mN:/DKW1Lgbdl0TBBvjc/IlhU+kcu1

    Score
    10/10
    healerdiscoverydropperevasiontrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Healer family

      healer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Windows security modification

      evasiontrojan
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks