General

  • Target: 289f92162e4ccd8ffa1151a5d09efdf5fe31e823bf12c789e902260eceb69da5

  • Size: 569KB

  • Sample: 241109-d8gzkaxajq

  • MD5: fadecf2d1734f4f661f480232b53c4d1

  • SHA1: d13efb9955e2f9e6a71fec0b9ab37a5aeb5106b1

  • SHA256: 289f92162e4ccd8ffa1151a5d09efdf5fe31e823bf12c789e902260eceb69da5

  • SHA512: 88484b07b522e8dba2a53be39a91da4a455ac4a808640308dbf602d2dd43181e5a208660763231c5fc46271c130b3d1aa76b602e302ec2a91842d9ca8820e8e8

  • SSDEEP: 12288:qy90tV9z5H6no3msE/UrJ6kPZ4JxH233ir4eN32UHUoD8Y:qy2PV8sD4WZqs3Sr4e5J028Y

Targets

    • Target: 289f92162e4ccd8ffa1151a5d09efdf5fe31e823bf12c789e902260eceb69da5

    • Size: 569KB

    • MD5: fadecf2d1734f4f661f480232b53c4d1

    • SHA1: d13efb9955e2f9e6a71fec0b9ab37a5aeb5106b1

    • SHA256: 289f92162e4ccd8ffa1151a5d09efdf5fe31e823bf12c789e902260eceb69da5

    • SHA512: 88484b07b522e8dba2a53be39a91da4a455ac4a808640308dbf602d2dd43181e5a208660763231c5fc46271c130b3d1aa76b602e302ec2a91842d9ca8820e8e8

    • SSDEEP: 12288:qy90tV9z5H6no3msE/UrJ6kPZ4JxH233ir4eN32UHUoD8Y:qy2PV8sD4WZqs3Sr4e5J028Y

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
