General

  • Target

    441d6cf16f4a1a5cfa86760ac3935b9ddcf1191014376658126dba745265c252

  • Size

    308KB

  • Sample

    241109-f38ansxqaw

  • MD5

    1c44e92468ed66d4f2405c0d1109e6cc

  • SHA1

    9e9573f63438610fa875667824ca4264467ee1b2

  • SHA256

    441d6cf16f4a1a5cfa86760ac3935b9ddcf1191014376658126dba745265c252

  • SHA512

    108ac8c9687c19bbb21b0aa8bd809cc715aec89fd1f4be37cbc77185034ed9d5aa7c191510f7390c053c90e392d0cb686d3a85f17fb13ad2e5918563842602a5

  • SSDEEP

    6144:Kcy+bnr+Fp0yN90QENlEY+zbPs64JPhigDVkNqvCmpNry:cMrpy90bb+zReZBDVeDmS

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
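The signatures above name three host-visible behaviours: Defender real-time protection switched off, a dropped executable run, and a Run-key autostart added. The script below is an added example (not code from the sandbox, from Healer or from RedLine) that checks a Windows host for the first and third of those and compares a file's SHA256 with the one in this report. The registry paths and value names are the standard Defender policy location and the standard Run/RunOnce keys; the "user-writable path" heuristic used to flag Run entries is an assumption of this example, not something the report states.

```powershell
# Added example for this report; read-only host triage, not sandbox or malware code.
# Run from an elevated PowerShell prompt on the host under investigation.

# SHA256 of the sample as listed in the report above.
$ReportSha256 = '441d6cf16f4a1a5cfa86760ac3935b9ddcf1191014376658126dba745265c252'

# Defender policy key; each value below disables one real-time component when set to 1.
$RtpKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$RtpValues = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
             'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable',
             'DisableIOAVProtection'

# Provider metadata that Get-ItemProperty attaches to every key object; not real values.
$PsMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-DefenderTampering {
    $findings = @()
    if (Test-Path $RtpKey) {
        $props = Get-ItemProperty -Path $RtpKey
        foreach ($name in $RtpValues) {
            if ($props.$name -eq 1) {
                $findings += [pscustomobject]@{ Source = 'Policy'; Name = $name; Value = 1 }
            }
        }
    }
    # Cross-check the effective setting Defender itself reports, where the module exists.
    if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
        $pref = Get-MpPreference
        if ($pref.DisableRealtimeMonitoring) {
            $findings += [pscustomobject]@{ Source = 'MpPreference'; Name = 'DisableRealtimeMonitoring'; Value = $true }
        }
    }
    return $findings
}

function Get-RunKeyEntries {
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($PsMeta -contains $p.Name) { continue }
            $cmd = [string]$p.Value
            # Heuristic (assumption of this example): autostarts launched from user-writable
            # locations deserve a second look after a dropper like the one in this report.
            $suspect = $cmd -match '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\'
            $entries += [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Suspect = $suspect }
        }
    }
    return $entries
}

function Test-ReportHash {
    param([Parameter(Mandatory)][string]$Path)
    $h = Get-FileHash -Path $Path -Algorithm SHA256
    return ($h.Hash -eq $ReportSha256)   # string -eq is case-insensitive in PowerShell
}

# Usage
$tamper = @(Get-DefenderTampering)
$runs   = @(Get-RunKeyEntries)
if ($tamper.Count) { Write-Output 'Defender real-time protection tampering:'; $tamper | Format-Table -AutoSize }
else               { Write-Output 'No Defender real-time protection tampering found.' }
Write-Output 'Run-key autostart entries (Suspect = launched from a user-writable path):'
$runs | Format-Table -AutoSize
# To compare a quarantined file with this report: Test-ReportHash -Path 'C:\quarantine\sample.bin'
```

Two caveats when reading the output: HKCU in an elevated prompt is the administrator's hive, so check the affected user's `NTUSER.DAT` (or run the Run-key part as that user) to see the persistence this report describes; and a clean policy key does not prove Defender is on, which is why the script also reads `Get-MpPreference`.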

MITRE ATT&CK Enterprise v15

Tasks