General

  • Target

    d2330b4795e0c8f02dd3177b3ddafa77123e5816f5cd8eb4a5068b4339e65a7b

  • Size

    1.1MB

  • Sample

    241109-ejfwmswnfs

  • MD5

    34328170db11ad354c5b1d97d3a4417b

  • SHA1

    a76b0ac19515f02b886fec4804e3c80ebe198397

  • SHA256

    d2330b4795e0c8f02dd3177b3ddafa77123e5816f5cd8eb4a5068b4339e65a7b

  • SHA512

    091f61764bdb380acf5aed04a13531752f797cc4f28dc1358f4fe6bdb74c941b3ac1b7af71b62cc793da3b2363b535607ae02e824d6e49e15815e3c1f90870ce

  • SSDEEP

    24576:uyTkWpByCYv/m3qkbRPZMlQeqPYF6FfzNHNcX:9sv+3pMFI/S

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks