General

  • Target

    c548d0fab7e854a99b82604c2aaca75a4ae1b9d21ecf0851c277df20d572b897

  • Size

    569KB

  • Sample

    241109-edcxsswmes

  • MD5

    765ba94352bfa0d803cd34fc64b474ed

  • SHA1

    ee2b927d27d026e28a099eac39a207d2abb28566

  • SHA256

    c548d0fab7e854a99b82604c2aaca75a4ae1b9d21ecf0851c277df20d572b897

  • SHA512

    a4127c5f00fc6e0bce57c147d41dfb33cf9c63880f539792b0260f1afcf59399ee6e820c21abce34185bc509963d70b8b6f77d67f558db3184e3c62c5bd9911a

  • SSDEEP

    12288:sy90w3p2FhBrUaF5dTnhY8L0LT3hA04L10/:sy35HaxTnrLYRmI

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks