General

  • Target

    90427a6f34e49421922add5a92d8f92456bf2655320ed32402e87ff42fff7bc7

  • Size

    611KB

  • Sample

    241109-ej24wawnf1

  • MD5

    67605fcc6f2387750fe792f59f49491b

  • SHA1

    74a806d57e41ee73a9f197201d91df87047da550

  • SHA256

    90427a6f34e49421922add5a92d8f92456bf2655320ed32402e87ff42fff7bc7

  • SHA512

    6a61e48d805898c3d07c2d264deb27c9a53260369923b8a38fe1ae250814486b0270a6047e328d603795922659cb81fd82003cd6d19ec90da037bf07405713e0

  • SSDEEP

    12288:6y902cWGwI4dH0e1t4UjMyXfSPNhY/LGITEoqFO:6y6PwndH0otrMyXfZSI4y

Malware Config

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks