General

  • Target

    df875987cbb8c817be1e00f8fa0669575a3c82c306fb3ffc22bd5cafe9bc9646

  • Size

    806KB

  • Sample

    241109-1hdksasgqh

  • MD5

    7ae5db256b32a1c7a331af2ad9a6c0cc

  • SHA1

    0c63f1ef4a073f6133fd86f77cef150c00b738ed

  • SHA256

    df875987cbb8c817be1e00f8fa0669575a3c82c306fb3ffc22bd5cafe9bc9646

  • SHA512

    6e864e2a736e5aba18de7a306504e00456a0db6f34751a8454d7a7575bb78e585da36a14280af4de67e0436b3b195f6b3a2ef155e83efd93f4d47c8a348d3bb9

  • SSDEEP

    24576:9y7vhl8lpAjR9zu1plnUp/1NEAM0NqQBA:Y7vhl8lpAjRo1plUptU2

Malware Config

Targets

    • Target

      df875987cbb8c817be1e00f8fa0669575a3c82c306fb3ffc22bd5cafe9bc9646

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks