General

  • Target

    377e39ac6b592c81202a49627a311e67a948daeb950ac3823f2b69f0318d6450

  • Size

    376KB

  • Sample

    241109-eh6exawnex

  • MD5

    fdf4ad48c5c9a8f7f85c8dfb461a1702

  • SHA1

    ffc2f7486a3568c32b6ce0839222516e9dd666da

  • SHA256

    377e39ac6b592c81202a49627a311e67a948daeb950ac3823f2b69f0318d6450

  • SHA512

    4d3668b390fc5070cb4d50bbfe69d23c723205e590b7730ee9bf2ea3d0be0e34cea58223571ac3b5cc1a6ac5567e072c89e2376eb81e325f17ee67625da4045d

  • SSDEEP

    6144:Kny+bnr+Hp0yN90QEEbVgUy5uMeyA/oE65PTEYuiVCcZRtNWYP1:NMrTy90jnReyA565oYuiVCcNNn

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks