General

  • Target

    305b69b779ec95afa82e5e4a533f3f93dcc4a7bee1f0cdf8a4206588ee572277

  • Size

    569KB

  • Sample

    241109-eam9cszkaq

  • MD5

    c9d241cfb7a7c3fcf2f31dfeb2f65d99

  • SHA1

    9bc62227176bea6f5421f2a13c3aa27d155fd511

  • SHA256

    305b69b779ec95afa82e5e4a533f3f93dcc4a7bee1f0cdf8a4206588ee572277

  • SHA512

    b302cafdcf4016c9dc4c36e92f03fde4ee9aae5af7a1f48f5e76e9bf54bbe7c884b99f481161a5650c4a565e8716211b8f91bfb40bf3446bfc0c6de9d4fbbdaf

  • SSDEEP

    12288:iy90XCBIulZQCBUG4YxGC7AiW47T1vENAkc+:iyxBIulZQkjT37tW47Hkj

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks