General

  • Target

    33ff872900a35e3903faa2de0a701b0cba2e1aad959f750dca007f4cdb0bc6b6

  • Size

    1.2MB

  • Sample

    241109-fkbhzsyald

  • MD5

    2b968d142ecf3e0def6113f68262d13d

  • SHA1

    2144a044cdc2bb275157da886687c95b72c9c21f

  • SHA256

    33ff872900a35e3903faa2de0a701b0cba2e1aad959f750dca007f4cdb0bc6b6

  • SHA512

    97e86c2e26a14b14042ae54e4552c120c610b42ec5305f0a5a5175f57a292a57180faadcaccb541f630e414dd57367cd007fd7e800db0f0c870ace27f62c9d7a

  • SSDEEP

    24576:lVQCVvyI/k4Zf9YMGp77zdd0ZKUNk9e0KUDsM1dpkJNK35m:lVtvhk499YMGVzddAge0KUDsiyNK

Malware Config

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks