General

  • Target

    faaad7638faeb52279aeeeb535f67b8551f0bf021e69bd6d92b9c2eeeef545ae

  • Size

    694KB

  • Sample

    241109-ebxjeszkcn

  • MD5

    15c29f6989488058d1f7392e32cfe5d0

  • SHA1

    23180899e1d79e2113a131b81507a448eab9a4a2

  • SHA256

    faaad7638faeb52279aeeeb535f67b8551f0bf021e69bd6d92b9c2eeeef545ae

  • SHA512

    dc85a9e2f5ba784698fd26bc47870a5db06549147095ba05dcddff79882f24a1895c4cb6aef6f496ab6a562e9aeab98616082b46033dff9f6408c660515ed351

  • SSDEEP

    12288:hy90tgcZ64Q+NWUfwqBxjTxVadKGO0alt8Ez7wvqA4gf:hyHs6b+NWwwqZVadKG6L8s7s

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks