General

  • Target

    66f5f8ab44c11e1b9a0282a1eeabf3c6b860ac7d953c3e73dcdc8bb2fa038e4a

  • Size

    568KB

  • Sample

    241109-eg5f8axbnh

  • MD5

    981860311d3cc450d9ff35cda99bc5b9

  • SHA1

    fabef866c86ec97f76003269412a6cc9ba8687cf

  • SHA256

    66f5f8ab44c11e1b9a0282a1eeabf3c6b860ac7d953c3e73dcdc8bb2fa038e4a

  • SHA512

    563133c559bb44c22ce8e9ad629acc6a8c3618c1e31ef84796a919e20aaea32a44aace9a861317a53d073088aadbc09e12b86e897214528b35e7c166a75b044f

  • SSDEEP

    12288:4y90rXKTdRDh7qurprpiYtOcXgE4poIdx0:4y+XGdR1eTYtnKL0

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15