General

  • Target

    a7f387c0f2574f8663005de7101e429305e39117ca84a4246fcd0f93541bba21

  • Size

    706KB

  • Sample

    241109-eb7dmazkdm

  • MD5

    33079571dd5aafa1d08ac91328ea3acf

  • SHA1

    4283c73ea9c748301735f16857518444d492e6a8

  • SHA256

    a7f387c0f2574f8663005de7101e429305e39117ca84a4246fcd0f93541bba21

  • SHA512

    17d14040890dd2832ae95354d774fde043699e1402d9230f2d7fc09049017e63f99cadb3d7463e1dcf1576d3e8bd55e57ad3bd8a58e55df9be18bf65ef9a1342

  • SSDEEP

    12288:Yy90rKiULXOFxEFzs+sEpUadVNvbK1grCiU5O7ABPGOjYw4tz:YywBUiHEp9saUwvvbKaU5AIPbu

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks