General

  • Target

    281b6e997c84bcc37e621a971c44df0e7d26961d9b92d267913d1f6e5e5ce353

  • Size

    706KB

  • Sample

    241104-zlcl8axarc

  • MD5

    59db9eddbcf4ab496013f94b3f55d754

  • SHA1

    6d8b3e46e539ddfc25d89c35a1b22e4987372198

  • SHA256

    281b6e997c84bcc37e621a971c44df0e7d26961d9b92d267913d1f6e5e5ce353

  • SHA512

    c345db4f6f2a2a79f8fd7943ad8a3ff84ba83ec4b587915e81161079e129e6adb42a28e2221666622cdd3f78c35dbc4a6a7cb9b43f10da925f2e729c8b1889a6

  • SSDEEP

    12288:Py90oXxWHihGUyNlPHyIaL/CkwwzFfCdrcJY8c0dPZzEVZmpvihi:PyXXxWCClPHcwjrcTcW6VQgi

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks