General

  • Target

    edb5e4e8c0c574d7c963916f5b054a99ee4386a3d41d1813eee3a0c76ff13389

  • Size

    562KB

  • Sample

    241109-1h43qsshlj

  • MD5

    6de0507cc202f3dcc63cb33717c76dc7

  • SHA1

    d003d86bcd795851abe4ebfc9304e7a6f861efc5

  • SHA256

    edb5e4e8c0c574d7c963916f5b054a99ee4386a3d41d1813eee3a0c76ff13389

  • SHA512

    d846bb75a7bca676a468f7506a689aeea61d2b735fa0023d96ae7e283e2474ba96b7a6f17898ebb87e883f61e51bd9aabaacf9750b7938848d76ca1e8c20c982

  • SSDEEP

    12288:7y90Et8Q9Ce3NbpVBk6I91jLtuBMIzbdsrdi2vP689ix:7yvtPMe3d/q6I913t4+42Kgc

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks