General

  • Target

    3e3a9a95a01c03b635623dfabef1ca4efdab5de84fa6dbec64914631ab7ded0c

  • Size

    702KB

  • Sample

    241109-d5ltcawhpj

  • MD5

    317e5bdd92ef2eabdc52b3305a155435

  • SHA1

    6344bf95bbac2df9dfcaf5176c0f139aa82b9c9f

  • SHA256

    3e3a9a95a01c03b635623dfabef1ca4efdab5de84fa6dbec64914631ab7ded0c

  • SHA512

    76826f01bc47eb1466aae59fccffe358c1ef3344b54eb010e978794e5abe069b5ddcb2f31a42af719d2b684b184809fbe2ecb59533190bfda47b027608556fe8

  • SSDEEP

    12288:Py90/Ohmfjhzxf+/DarTjaka2x/EPRXmGsf0rKeaqiqbRd8SGdz9A:PygOhmfD+bmjaka2x/EPR2GxF8q38SwO

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks