General

  • Target

    42a2adc5129b74306103733c5470b18dc62975199371a99a5b48dee88e8b9304

  • Size

    827KB

  • Sample

    241109-d7estawhrp

  • MD5

    5d6b491844dbd8e04061a8be5b51ffc6

  • SHA1

    3ace19efb8131671a09eaa22910099a0bc62b9f2

  • SHA256

    42a2adc5129b74306103733c5470b18dc62975199371a99a5b48dee88e8b9304

  • SHA512

    8d912e1273ef66e3a21c0fb9209c955f3a2af827d24070eb325c2dc53c6d5b1626461403eebfa48cc5d60e982a1cdfb7fe3f2bbd683010110eae1a9c5f34fab4

  • SSDEEP

    12288:Hy90KwN3O4oykhqyQ06o89ddHx6buA9MexE9JTOiII3/7u8VCBhFV86CodeLvyjb:HyQ3OwkI0b8bD6bnEPqoUBh/kGemKm

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
