General

  • Target

    67201b343b1fa47a3568b6219fd4f4bb28072d29b5e32bf37f13b1a8700681f7

  • Size

    920KB

  • Sample

    241109-fhwq5s1kbj

  • MD5

    835dee896e7a341ca98a22ca0847f457

  • SHA1

    183a148c3d45b1b9d0d56c9b171e2cf316bddbf9

  • SHA256

    67201b343b1fa47a3568b6219fd4f4bb28072d29b5e32bf37f13b1a8700681f7

  • SHA512

    869a01afe2b60574fa9104239ef28750dbe0a2e5db04bbc7b385231a95b3d071aeb2de76c2035f1b04ab4ddfd49629b782ab3339412c79115048eba686f54e38

  • SSDEEP

    24576:curBZ8DncUYo4IYo4IYo4IYxBRhxBRhxBRhxBRh2GWm2GWm2GWm2kymXEMC3txT0:atpnTM7GBQwTA0YlwHu1rD

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks