General

  • Target

    c6f1425b97f3b80bff4258fbc6f27299fb7d65ece0fa65ecbb812b3e17a2ddd4

  • Size

    564KB

  • Sample

    241109-d58ywawhqj

  • MD5

    c434b13010434249281516270af5aa60

  • SHA1

    6fb9bc14b3eee4f5f1fc84feceea11b61f88978f

  • SHA256

    c6f1425b97f3b80bff4258fbc6f27299fb7d65ece0fa65ecbb812b3e17a2ddd4

  • SHA512

    4cf536cc3b1d44d952d43dcccdee09cbbd23baa71dd599da1b2655ff58691a549b496b79cb60aa2cfddbd8b16d5fb959873697cd5fc3957ac056282c355194dd

  • SSDEEP

    12288:0y9036ukylD6lTfN1CtIIWza03sKnMqAHIiV+S8pDWm:0ylujOxNsNe13s25AoicS8R

Malware Config

Targets

    • Target

      c6f1425b97f3b80bff4258fbc6f27299fb7d65ece0fa65ecbb812b3e17a2ddd4

    • Size

      564KB

    • MD5

      c434b13010434249281516270af5aa60

    • SHA1

      6fb9bc14b3eee4f5f1fc84feceea11b61f88978f

    • SHA256

      c6f1425b97f3b80bff4258fbc6f27299fb7d65ece0fa65ecbb812b3e17a2ddd4

    • SHA512

      4cf536cc3b1d44d952d43dcccdee09cbbd23baa71dd599da1b2655ff58691a549b496b79cb60aa2cfddbd8b16d5fb959873697cd5fc3957ac056282c355194dd

    • SSDEEP

      12288:0y9036ukylD6lTfN1CtIIWza03sKnMqAHIiV+S8pDWm:0ylujOxNsNe13s25AoicS8R

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
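The three behavioural signatures above (Windows Defender real-time protection modified, a dropped EXE executed, a Run key added) are what a host-based detection would key on if this sample ran outside the sandbox. The following is an added example written for this page, not code from the report or from the sandbox vendor: it runs two detection rules over constructed Sysmon Event ID 13 (RegistryEvent: SetValue) records. The event field names (`Image`, `TargetObject`, `Details`), the `Real-Time Protection` value names, the Defender-binary allowlist and the "command points into a user-writable directory" heuristic for Run keys are assumptions drawn from general Windows knowledge, not from this report, which does not state which specific registry values the sample writes.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str      # process that performed the write
    target: str     # value name that was set
    detail: str     # data written


# Rule 1: a Disable* DWORD under Windows Defender\Real-Time Protection set to 1,
# under either the product key or the Policies key. Value names are an assumption.
DEFENDER_RTP_RE = re.compile(
    r"\\(?:Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\"
    r"(?P<value>Disable(?:RealtimeMonitoring|BehaviorMonitoring|OnAccessProtection"
    r"|ScanOnRealtimeEnable|IOAVProtection))$",
    re.IGNORECASE,
)
# Rule 2: a new value under a Run or RunOnce key (HKLM or any HKU hive).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)
# Sysmon renders DWORD data as "DWORD (0x00000001)".
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-F]{8})\)", re.IGNORECASE)
# Heuristic (assumption): Run entries launching from user-writable paths are suspect.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|Users\\Public)\\", re.IGNORECASE)
# Defender's own service legitimately updates these values; treat its binaries as benign
# writers. Install paths are an assumption about a default Windows install.
DEFENDER_IMAGE_PREFIXES = (
    r"c:\programdata\microsoft\windows defender",
    r"c:\program files\windows defender",
)


def dword_value(details):
    """Return the integer in a Sysmon 'DWORD (0x...)' string, or None if not a DWORD."""
    m = DWORD_RE.fullmatch(details)
    return int(m.group(1), 16) if m else None


def classify(event):
    """Apply both rules to one Sysmon event; only Event ID 13 (SetValue) is considered."""
    if event.get("EventID") != 13:
        return []
    image, target = event["Image"], event["TargetObject"]
    details = event.get("Details", "")
    findings = []
    m = DEFENDER_RTP_RE.search(target)
    if (m and dword_value(details) == 1
            and not image.lower().startswith(DEFENDER_IMAGE_PREFIXES)):
        findings.append(Finding("defender_realtime_protection_disabled",
                                image, m.group("value"), details))
    m = RUN_KEY_RE.search(target)
    if m and (USER_WRITABLE_RE.search(details) or USER_WRITABLE_RE.search(image)):
        findings.append(Finding("run_key_persistence", image, m.group("name"), details))
    return findings


def scan(events):
    return [f for e in events for f in classify(e)]


# Constructed sample events (not from the report): two Defender tamper writes by a
# dropped binary, one benign Defender self-write, one user-land Run key, one Windows
# Run key, and a CreateKey event (ID 12) that the rules must ignore.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Roaming\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\svchost.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"%windir%\system32\SecurityHealthSystray.exe"},
    {"EventID": 12, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
     "Details": ""},
]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule}: {f.image} -> {f.target} = {f.detail}")
```

Running the block on the constructed events yields three findings: the two Defender Disable* writes by the dropped binary and the AppData Run entry; the Defender self-write (value 0, trusted image), the Windows-owned SecurityHealth entry and the CreateKey event are not reported. Tampering with these values is also blocked when Defender Tamper Protection is enabled, so a successful write of this kind on a production host is itself a signal worth triaging.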

MITRE ATT&CK Enterprise v15

Tasks