General

  • Target: 5c940fd26e0b9ca0041893718bdf14d9244ebcb5a91fee19de13a59c52b59232
  • Size: 1.3MB
  • Sample: 241109-ejphsazlgl
  • MD5: dc098966246906f8d741340a01cbd2da
  • SHA1: 69e2084cf43e5a9a433271f5679d6f3b9ba85629
  • SHA256: 5c940fd26e0b9ca0041893718bdf14d9244ebcb5a91fee19de13a59c52b59232
  • SHA512: 890c242e26a812095ceb3e9fd838a74bb7e76b3f31dd4be61ee3f1c3f3cf9d238a9fdcdc51c9b75f10577d430cb3eadcdcc53b339d22e5923758bace73109aad
  • SSDEEP: 24576:2IKq5dNtV7We2GWqerZwO7Fk8YxeU5F8Si5LO+rImHhAs4ew2Hk4Q:2I/NKeU1ZwO+eUv8Sima5u4

Malware Config

Targets

    • Target: 5c940fd26e0b9ca0041893718bdf14d9244ebcb5a91fee19de13a59c52b59232 (1.3MB; same sample and hashes as listed under General)

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
