General

  • Target

    20689012158f4cd2f7549ea2895f84603652f29296072ce872efb7824ea3998e

  • Size

    690KB

  • Sample

    241109-f3t32s1nfr

  • MD5

    9f93d355b3d95e4c109cfb6c5633c692

  • SHA1

    60eac12a95d62d3876cf7e7e44377bd05e3303c2

  • SHA256

    20689012158f4cd2f7549ea2895f84603652f29296072ce872efb7824ea3998e

  • SHA512

    a2e5d763c21ed2b14c5c47cf347a02a570f9397c3bcd586c411fdfcbdc20d246714550fffadb5a6f8a2ad27f0ebe4debc0897520173f24b057627fe7ef761e9c

  • SSDEEP

    12288:Ly90p28WbAHnxUltwsG8p6+60gW7sp3P44nObGoniNsmR3Ws6Mx:Lyb8MWxtsRpZT/g4UpN9W+x

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks