General

  • Target

    2d4296d43843662f39bb08ba9d20c65eb1b8a6ac0083b1e503c7f5a9bdb251e6

  • Size

    695KB

  • Sample

    241109-f3phka1nfq

  • MD5

    30436baa6e7adc0a2d74848da5c0efc1

  • SHA1

    74a9556a658e5b880fede4eed38d4a1b7f026cdf

  • SHA256

    2d4296d43843662f39bb08ba9d20c65eb1b8a6ac0083b1e503c7f5a9bdb251e6

  • SHA512

    3953aaa0793e85c37fd9c5122e2a4037a869b9c1aca8afa68c767f0aa7a5dd58efe3845e142fd42d72e34408719a7d09c237ef480765e28c913a3c42e0b26eb7

  • SSDEEP

    12288:Sy90hPwQ4lprci33OEIoPGjtTesQTQGfBqFXYpcOBbf6jjp89Fe:Syy9WrcDEIIyTQUGpcXYptBbSjj2e

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks