General

  • Target

    462feafb5675d89722f2271208e61dffa3cdb9d817ba7e6c18d2a8d1305926b2

  • Size

    694KB

  • Sample

    241109-f2vces1ndm

  • MD5

    986c50a319fccb3ed53dd2adbd206806

  • SHA1

    d7f7f1fb81b248928381abe218314e8b4aec9e7e

  • SHA256

    462feafb5675d89722f2271208e61dffa3cdb9d817ba7e6c18d2a8d1305926b2

  • SHA512

    cabc7a97c42a6cac15aefebff434e10e6503774660247fcab49375f753d3c2ce7fc644cdb668d0c9465a872bc66146e29249395c4e0f9cae9a242440e4027282

  • SSDEEP

    12288:wy908DqNq9NJJJSz5UpUlSSrEz7wjTnkdvVzTJFOC+qJK:wyCNqxJJ45UG9rs7fdvFTJtK

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks