General

  • Target

    a67af42ee1efaec8a0ea90751061e897415ce2fe0d6a65d722a0fc0ea78588aa

  • Size

    964KB

  • Sample

    241109-f36rvaydna

  • MD5

    1aad89517c05ae9072e0779a58b6c966

  • SHA1

    49d04e76daa2f2fa288037c2ae5554d5bb885fb2

  • SHA256

    a67af42ee1efaec8a0ea90751061e897415ce2fe0d6a65d722a0fc0ea78588aa

  • SHA512

    02f4bc6424a29639fe7ca9046318c60bcc21d5ecc6e794f4dbb8b971304af45480cdb9c2caf9780da4828c76ba51b51f9001569253104a279518d7aecbf26ea6

  • SSDEEP

    24576:tyYe+JEA2obgmzY/mUkk9QAmcQ9qSJ6FSQn:IYesjFYuUYAJYJ6d

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15