General

  • Target

    d9a5e582be315154fd2344a90fd7f69feab45cf9a15e2e5d0c2038e3df462cff

  • Size

    967KB

  • Sample

    241109-ep1s1axdjg

  • MD5

    1159f77e407005d942d1d638aacdbc65

  • SHA1

    36110ffe8478575595cd4c0c02f0f16b7b493569

  • SHA256

    d9a5e582be315154fd2344a90fd7f69feab45cf9a15e2e5d0c2038e3df462cff

  • SHA512

    10bc1bc4d0eb4c3238760dc71c5111ac968cbc2d67764a5c6ce4c62344e627f71827eae4f6feabd1ebcc3cc0b02005b92d3310254378acb1ce9f093d02d75b90

  • SSDEEP

    24576:KyPQ9nfev0Hi/r91pDlW0FogOiGf/Th4oUX5:Ro9fev0Hiz9FFnul4o

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
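
Three of the behavioural signatures above (Defender real-time protection tampering, Run-key persistence, and execution of a dropped executable) leave traces in ordinary endpoint telemetry. The block below is an added example written for this page; it is not the sandbox's own rule logic and not code from the report. It applies those three checks to events shaped like Sysmon Event IDs 1 (ProcessCreate), 11 (FileCreate) and 13 (RegistryEvent, Value Set). The registry paths, the value names treated as Defender real-time protection switches, and the sample events are assumptions constructed for illustration; the dropped-file name and the SID in them are invented, not taken from this sample.

```python
import re
from dataclasses import dataclass

# Assumed mapping from the report's signature names to registry locations.
# Run/RunOnce keys exist under HKLM and under each user hive (HKCU / HKU\<SID>).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$",
    re.IGNORECASE,
)
# Group Policy values that switch off parts of Defender real-time protection
# when set to DWORD 1. Setting them back to 0 re-enables protection and must
# not trigger the rule.
DEFENDER_RTP_RE = re.compile(
    r"\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableOnAccessProtection|"
    r"DisableScanOnRealtimeEnable|DisableIOAVProtection)$",
    re.IGNORECASE,
)
# Sysmon renders DWORD values in the Details field as "DWORD (0x00000001)".
DWORD_RE = re.compile(r"DWORD \((0x[0-9a-f]+)\)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str       # signature name as it appears on the report
    image: str      # process responsible for the behaviour
    evidence: str   # registry value or executable path involved


def dword_value(details):
    """Return the integer in a Sysmon DWORD 'Details' string, or None if it is not a DWORD."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def scan(events):
    """Run the three behaviour checks over an ordered list of Sysmon-shaped event dicts."""
    findings = []
    dropped = {}  # lower-cased path of a newly written .exe -> image that wrote it
    for ev in events:
        eid = ev["EventID"]
        if eid == 13:
            target = ev["TargetObject"]
            details = ev.get("Details", "")
            if RUN_KEY_RE.search(target):
                findings.append(Finding("Adds Run key to start application", ev["Image"], target))
            elif DEFENDER_RTP_RE.search(target) and dword_value(details) == 1:
                findings.append(Finding(
                    "Modifies Windows Defender Real-time Protection settings", ev["Image"], target))
        elif eid == 11 and ev["TargetFilename"].lower().endswith(".exe"):
            # Remember who dropped the file so a later ProcessCreate can be attributed to it.
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif eid == 1 and ev["Image"].lower() in dropped:
            findings.append(Finding("Executes dropped EXE", dropped[ev["Image"].lower()], ev["Image"]))
    return findings


# Constructed sample telemetry (not from the report) in the shape of Sysmon events.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    # The same value set back to 0 (protection re-enabled) must not fire.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\Updater\upd.exe"},
    # Benign: a different key under CurrentVersion must not match the Run-key rule.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule}: {f.image} -> {f.evidence}")
```

Run against the constructed events this yields three findings, one per signature, in event order. Two design points matter in practice: the Defender rule keys on the value being set to 1, so legitimate re-enabling produces no alert, and the dropped-EXE rule is a correlation between two event types rather than a single-event match, so it needs the events in chronological order (or a persisted map of recently written executables when events arrive out of order).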
