General

  • Target

    e3ddb8aa342ae936bdee6577652d8c881353d92b2be2b32d5e37c4cd188a322e

  • Size

    479KB

  • Sample

    241104-zlmgeswnds

  • MD5

    c6493335755599a27886edc224c49282

  • SHA1

    ebbe2d1721bc551358d9e601d2ab07d219e07af4

  • SHA256

    e3ddb8aa342ae936bdee6577652d8c881353d92b2be2b32d5e37c4cd188a322e

  • SHA512

    9b51591e0a9bf64d1851def20bcb1969bdb22450cf090f025c0e184a4b6b84912cc14fcfe2c53a19525b0f4adf8d3c796fef9df85200ca066f87650cbcbb0dc3

  • SSDEEP

    12288:sMrxy90a64zflmZMTy2nQbJVmAR25/1Jr:Ny9cn2oJ/Uh1Jr

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
