General

  • Target

    5fbfa914923bca103bbb7e91a5663c0c192aac3f086fdaf424716415c21b47bb

  • Size

    479KB

  • Sample

    241109-fj4hdayalp

  • MD5

    08caf1e97fe040ddd47f1e6488f21cab

  • SHA1

    9a4190d9dfe6baccce04620507e14aeb60714e0a

  • SHA256

    5fbfa914923bca103bbb7e91a5663c0c192aac3f086fdaf424716415c21b47bb

  • SHA512

    1fd87883fb4cf3b3501f784184d07dc066e8524a9b33b56aa4b0cd963ac137b71fe6dd87e552333d9b63255ecf320cbb8bf6ed776fb78e3b0ac71ee731b21399

  • SSDEEP

    12288:2MrHy90FE0uWgT5T5c1u31LTW0J7YHIZlchsFF3wkBr6J:pyiEX/9XRT/hKhupr6J

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks