General

  • Target: 3ae4fd1a08e9692aa192fe223abd2549f1e500fef3c33af9882c59e82cb68da5
  • Size: 674KB
  • Sample: 241109-egmamswnby
  • MD5: c2d95d5f4b15f1960082e5bbd038fcb5
  • SHA1: aafe96572833887d5b2ebcca433a59c30f6159fb
  • SHA256: 3ae4fd1a08e9692aa192fe223abd2549f1e500fef3c33af9882c59e82cb68da5
  • SHA512: 28c71b9785f735475e3c0d52d152ed957b7255f43e2463c8d1be4903648bd53619fa54988b46a6cac61a325cfc10fb6c7f0791fade917b33ec59d30770136c26
  • SSDEEP: 12288:Ry908n9DEnqdtJ0P7KTfa5+TrfqhL579fYVtL5yVj1CLQ0M3qN:RyBnZdtJ0PReShLd9UL5ynCQVG

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks