General

  • Target

    832eca59de3f5f6be9e83401d5d8bb723bc42fab48c92165d7b9afadc6cd4365

  • Size

    697KB

  • Sample

    241109-ec9v5sxbkm

  • MD5

    a258cbf75906073cc70f705df281025c

  • SHA1

    a9c4a8cae5777883ab4c46f43a604bbbe0f8e7b0

  • SHA256

    832eca59de3f5f6be9e83401d5d8bb723bc42fab48c92165d7b9afadc6cd4365

  • SHA512

    8b2ef4d073a4c438d5a07225b1382757e80636580283689f662ffe018de808c627f105583d18a3315922c4f4cae8d90bf56fd800dc747f4392368425242b6759

  • SSDEEP

    12288:Zy906GmY0R68tmAFCY82Ydv9a6WTTEUlBHUKgjTr89gj/GtUYNHm6wQh:Zy/Yr8tXFxm9WEaB0KgjP89gj406w4

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks