General

  • Target

    033c3711a2856c29a37e50a0bbf5de1441a05072d6476b6cceeec57f1b5ccf0b

  • Size

    706KB

  • Sample

    241109-d8vwesxakp

  • MD5

    ae39d280043b18243b981fadea2a82dc

  • SHA1

    6ad0597c1300fceec46530bee7c8e79ae8741236

  • SHA256

    033c3711a2856c29a37e50a0bbf5de1441a05072d6476b6cceeec57f1b5ccf0b

  • SHA512

    1b2b086d4f5a2520066d7d7f9def4d9ac823e9277c1f2cdc9a06f08df73d19095f6355bd9a6a3915d5f641765238373e0847ffe02eb3a22fd7b646559c85cde9

  • SSDEEP

    12288:ty90xnsHmMdwBlkY7ZGIKIrpskXS2YdiLaTRLXZtRhvDNc15tasMWG2ggce42:tyAn+mMKj1GjIrekg8wFhAtuy42

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks