General

  • Target

    2ddbd926a5d164048a9093f27b80e6e877db06d15b933dfe3bf626324ec45d0e

  • Size

    694KB

  • Sample

    241104-13xjdsycjf

  • MD5

    066c43ada8a406ebd400873bf90263bf

  • SHA1

    221307dd31834dc377f546b88e37ae2a13837fa5

  • SHA256

    2ddbd926a5d164048a9093f27b80e6e877db06d15b933dfe3bf626324ec45d0e

  • SHA512

    97b1ed6d475fd2267bf69eb8033b28456cd20d8559f22f68001990adf67fa8589abbbe45a847398bc5dbf57c7a0fe31423362ad7b01d40dc744352e895ffde63

  • SSDEEP

    12288:wy908s/6YTO+uQSXx3VeBbZ1UdONd1QZ23H3XUc5vleu2KT8ZnGew:wyw/ZO+uQW3VeP6dAjH3XUAWKYZnLw

Malware Config

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks