General

  • Target

    c8d1a1202d55150de294658f499bc16e6eb8bedd47235afaf668b2288ab27b95

  • Size

    540KB

  • Sample

    241109-d48ayswkfy

  • MD5

    a1a39f7c7949b5b0b215da7698a0cbc2

  • SHA1

    9a93f60235744e87105c75cc90e38454e95f989b

  • SHA256

    c8d1a1202d55150de294658f499bc16e6eb8bedd47235afaf668b2288ab27b95

  • SHA512

    6ef8f0f8c547b09488fff09f608b7f97aa3900fcf928ae78da8ecb2b1e9e70e47343944e14a98c6c14dd92c87b59560ccad186a31429a8e92c3d663963273b17

  • SSDEEP

    12288:ty90GgtRPqLRXVNr86mMmaDb1TRJfNo0tteH1YEJqWV+/:tyk2VZ86zNTBq1B9I

Malware Config

Targets

    • Target

      c8d1a1202d55150de294658f499bc16e6eb8bedd47235afaf668b2288ab27b95

    • Size

      540KB

    • MD5

      a1a39f7c7949b5b0b215da7698a0cbc2

    • SHA1

      9a93f60235744e87105c75cc90e38454e95f989b

    • SHA256

      c8d1a1202d55150de294658f499bc16e6eb8bedd47235afaf668b2288ab27b95

    • SHA512

      6ef8f0f8c547b09488fff09f608b7f97aa3900fcf928ae78da8ecb2b1e9e70e47343944e14a98c6c14dd92c87b59560ccad186a31429a8e92c3d663963273b17

    • SSDEEP

      12288:ty90GgtRPqLRXVNr86mMmaDb1TRJfNo0tteH1YEJqWV+/:tyk2VZ86zNTBq1B9I

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks