General

  • Target

    0c2a184d78f5c6c0872204657545487ad608bce07f3015d725403cb84db98681

  • Size

    1.5MB

  • Sample

    241109-1hn2hssjft

  • MD5

    854cdad4ac5a571dc230c75230a6e8b3

  • SHA1

    915cd7a0f33797a95b8783c87bc820c179b42a3b

  • SHA256

    0c2a184d78f5c6c0872204657545487ad608bce07f3015d725403cb84db98681

  • SHA512

    7e484df54b9cc588cb0615e4bd991e1ef7f3fedb1eaba2603043d47451a37bfbdf5cba7bf870aec2f49a9d9a85dea6d19d680f2b5d07cc10bf7bfa42ff170884

  • SSDEEP

    24576:NyragUZGcYpZh6nKd1bwxs0RKyyDYrDk/KjHUxdfrgHAwpq7BbYgknVuBnrY2SMc:oWgxc5K7bKTRhjydfrgvG9YhuBnrAQT

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks