General

  • Target

    71564f4b436662092b2a9e13298cb12621be105d6c547933b5ba79a1031a16e5

  • Size

    690KB

  • Sample

    241109-f4l4tsydpr

  • MD5

    04030a4443793109b36da747bc3fe05f

  • SHA1

    7e6e1b1d7eee02e200c51c7f997342d09e6aa5fc

  • SHA256

    71564f4b436662092b2a9e13298cb12621be105d6c547933b5ba79a1031a16e5

  • SHA512

    7bb1be5840e497ef83916eb87be01085f01b7b34b6c186913d93206cef5d41fadc2ae96ac577914b23846e98c4aeae6c621080a7a9767ecea363a2024410972a

  • SSDEEP

    12288:Sy90FT62wmwTk9Pf2ohMoqskgSNK8D2v5THzv1Hoh0Vib2vm8Z6QaQ:Sy4T62wpaufoqs0TKT9HDA2vpZ6QT

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks