General

  • Target

    2652159d42320ca4b3230d7c99f1cad036d3e80b74713cb47588544ab2eff27eN

  • Size

    541KB

  • Sample

    241109-1ttq5stbkb

  • MD5

    9ad87ec7987ab00fe6eb834387705ae0

  • SHA1

    311b63a5db817b24b814bacc468713253bc2ba52

  • SHA256

    2652159d42320ca4b3230d7c99f1cad036d3e80b74713cb47588544ab2eff27e

  • SHA512

    b3b65a364b8652935a62d03685f885aecb41f53903945a6bc73ab5fd2bb4133f779c25258dcf00e4d453a9dab3fe26d12bcaf7275d3b2e05d9381c5dde24ea86

  • SSDEEP

    12288:Ly90UtJlMqCz+WblQYc1l4k+LQmZRhu9Hx0iDre7o6:LytJlMfz+Wb6tr4k+LFjCuYe7o6

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper: it weakens Windows Defender before the stealer payload runs.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
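The two registry behaviours listed above, Windows Defender real-time protection being switched off and a Run key being added, are what a detection engineer would want to catch on an endpoint. The script below is an added example, not part of the sandbox report or of any vendor's signature: it classifies Sysmon Event ID 13 (RegistryEvent, value set) records that have been flattened to a constructed `Field=value` line format. The registry paths are the standard Defender policy and Run key locations; the sample log lines, the `Field=value` layout and the user-writable-path heuristic are assumptions made for this example.

```python
"""Flag Sysmon Event ID 13 registry writes matching the two behaviours in the report.

Added example; not the sandbox's own detection logic. Input lines are assumed to
be Sysmon RegistryEvent records flattened to `Field=value` pairs (constructed here).
"""
import re
from dataclasses import dataclass

# Splits "EventID=13 Image=C:\x y.exe TargetObject=..." into fields; values may
# contain spaces, so a field ends only where the next " Name=" begins.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")

# Defender real-time protection settings (policy and non-policy hives).
DEFENDER_RTP_RE = re.compile(
    r"^HKLM\\SOFTWARE\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)
# Values that disable protection when set to a non-zero DWORD.
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableIOAVProtection",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
}
# Per-user and machine-wide Run / RunOnce keys (Sysmon logs user hives as HKU\<SID>\...).
RUN_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)
# Sysmon renders DWORD values as "DWORD (0x00000001)".
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-f]{8})\)", re.IGNORECASE)
# Heuristic (assumption): droppers usually run from user-writable locations.
USER_WRITABLE_RE = re.compile(r"\\AppData\\(Local\\Temp|Roaming)\\", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    image: str
    target: str
    details: str
    image_in_user_writable: bool


def parse_event(line: str) -> dict:
    """Turn one flattened Sysmon line into a field dict."""
    return {name: value for name, value in FIELD_RE.findall(line)}


def is_nonzero_dword(details: str) -> bool:
    m = DWORD_RE.search(details)
    return bool(m) and int(m.group(1), 16) != 0


def classify(event: dict):
    """Return a Finding for a matching Event ID 13 record, else None."""
    if event.get("EventID") != "13":
        return None
    image = event.get("Image", "")
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    writable = bool(USER_WRITABLE_RE.search(image))

    m = DEFENDER_RTP_RE.match(target)
    # Only a non-zero write disables protection; a 0 write (re-enable) is not flagged.
    if m and m.group("value") in DEFENDER_DISABLE_VALUES and is_nonzero_dword(details):
        return Finding("defender_realtime_protection_disabled", image, target, details, writable)

    if RUN_KEY_RE.match(target):
        return Finding("run_key_persistence", image, target, details, writable)
    return None


def scan(lines):
    """Classify every line; drop non-matches."""
    return [f for f in (classify(parse_event(ln)) for ln in lines) if f is not None]


# Constructed sample records (not from the sandbox run).
SAMPLE_LINES = [
    r"EventID=13 Image=C:\Users\alice\AppData\Local\Temp\1.exe TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring Details=DWORD (0x00000001)",
    r"EventID=13 Image=C:\Users\alice\AppData\Local\Temp\1.exe TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring Details=DWORD (0x00000001)",
    r"EventID=13 Image=C:\Users\alice\AppData\Roaming\svc.exe TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc Details=C:\Users\alice\AppData\Roaming\svc.exe",
    # Defender itself writing 0 (protection re-enabled): must not fire.
    r"EventID=13 Image=C:\Program Files\Windows Defender\MsMpEng.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring Details=DWORD (0x00000000)",
    # Key creation (Event ID 12), not a value set: ignored.
    r"EventID=12 Image=C:\Users\alice\AppData\Local\Temp\1.exe TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        print(f"{f.rule:40} image={f.image} user_writable={f.image_in_user_writable}")
```

Run keys are written by plenty of legitimate installers, so on a real fleet the `run_key_persistence` rule needs tuning: the `image_in_user_writable` flag is a cheap first filter for the dropped-EXE case, and the Defender rule is the high-confidence one because a non-zero `DisableRealtimeMonitoring` write outside of change control is almost never benign.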

MITRE ATT&CK Enterprise v15

Tasks