General

  • Target

    6dfcde7d35486e7da96549e546ad50f27db72af91bffc3e50b95b878daf0e572

  • Size

    705KB

  • Sample

    241109-fjs2msyakc

  • MD5

    a17e67001edef1c5ebd98ba3060e1918

  • SHA1

    aae5970a99c11c810c37626db97067af1f787a2f

  • SHA256

    6dfcde7d35486e7da96549e546ad50f27db72af91bffc3e50b95b878daf0e572

  • SHA512

    ba464c0056581f0e3552ac4f27d5351ab72a6c33112233c7a23a793a278299411e1e140542a90270d33c008ccab856302c8b743381127b269930812e5ec57007

  • SSDEEP

    12288:vy90iDgLpFH8VqHzlyYDiyLgWwYS0dg2/oyzP9Epj8rMQei:vycLXD5eyUWPFZQyKpoMQ9

Malware Config

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks