General

  • Target

    cd2b34d51e5c4111fa368e5c636fda3b00ca532179520088fcfa9185cba2eb83

  • Size

    550KB

  • Sample

    241109-ec26aswmdy

  • MD5

    42903bcba8ab11893bb0dead79524b9e

  • SHA1

    f4c74bbaa3f1a39da7dba5857cc8d6353fd9ce55

  • SHA256

    cd2b34d51e5c4111fa368e5c636fda3b00ca532179520088fcfa9185cba2eb83

  • SHA512

    2d6e32708e604f08be61343ba5b506c2b2fde72cf188cc3e13ae1977fd4bee85fa89a2c45c8825f12f02818727177ef8992b64ccd8a8d76835d18cb4da98f337

  • SSDEEP

    12288:Sy902XH5I1JemHuIsXMRPCmVo7zeMF119drnJY8c07iZQfzka1:SyBecmHsMRPCmKVFXXrnTcQoa1

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks