General

  • Target

    0cc79a16dea71eefabe08a409d7d84db470587bcafdeb7e128df71fa23a0d1b0

  • Size

    700KB

  • Sample

    241104-zps4dazlbp

  • MD5

    c6c906f85bc9b047cfa4e1b33f0b2b51

  • SHA1

    3e34734a7201343d4bfc97aa598d17b1020d3d44

  • SHA256

    0cc79a16dea71eefabe08a409d7d84db470587bcafdeb7e128df71fa23a0d1b0

  • SHA512

    5f7810703a9f08789c208d177a0abb8c213758f5ca38da76279e86fa964721dd7efe9e7b9a2ea8bbcde14a0993c89ce61d45c8fddd103db78c43e5d1fea9861b

  • SSDEEP

    12288:Py90Q5MBmkNtJrlq6Kjg/d/XUuHbYsock2q3pOegA5U4HGMaajKMVdbo6M9slAEB:PyQmkTJrl/jdv/Usop2kpPhmra2ukL2d

Malware Config

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks