General

  • Target

    f5a81c88b434abbddce1b1dee44acb0fa73327fe80b309648d549b307bad28be

  • Size

    490KB

  • Sample

    241109-en7vxswpfw

  • MD5

    5461d086e9284fe874e7ce13d5779bc2

  • SHA1

    7a66e58a6ec3fd195ca982efe3bf1426dfad2c06

  • SHA256

    f5a81c88b434abbddce1b1dee44acb0fa73327fe80b309648d549b307bad28be

  • SHA512

    7b835da25af5aa4998d45ada194d5bb4baf92fe1ff4a9c293efd439944d58f437569719b166057f7745ef5f7edea2673e04ae19f6edd295b25d6554a68369fda

  • SSDEEP

    12288:BMrIy90yLxR1TJT0En6AnOUQ0C670wtTnDr:VyZvT0En6/UQ0L7P

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks