General

  • Target

    424d6f1ea7d3443164c5ba76279d57994874ca18076d7bd2a01048d6a0884f6f

  • Size

    559KB

  • Sample

    241109-d5slwszjan

  • MD5

    194caf8718b0f96fbfe7150b4862caf6

  • SHA1

    041ed7964cf9de5dd537fd9098f6fdba182cf542

  • SHA256

    424d6f1ea7d3443164c5ba76279d57994874ca18076d7bd2a01048d6a0884f6f

  • SHA512

    40bc70b89cae2331ef61c530d0a5205086a7e6ffd6dd101e61c860ba19498e56bb700d60f2ce04507044479f31a2282db24de73e4812982553d20c18813d1773

  • SSDEEP

    12288:Zy90MRVo3ZLBmikBp6K6VfygCwytmzUfFtZGTA7+U2:ZyvRyzm7BPLtrtTMA7+v

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
