General

  • Target

    34558e1d0ad02b380a4fb64c91017d560b0b59083c296824edb58e2fdfd11bf0

  • Size

    685KB

  • Sample

    241109-fkjjlayalf

  • MD5

    490cbe73059051ec7a0c664ed931b87c

  • SHA1

    eabef182eedfd668dd8a442b8ac31f6fa2889782

  • SHA256

    34558e1d0ad02b380a4fb64c91017d560b0b59083c296824edb58e2fdfd11bf0

  • SHA512

    ab887ca00fca3b992964f108b73839cee8cb9442cdf71cb057ede8335b609f0510f7003dcf9282fb7019545629e251bb76bf6630472bcdd5dc4f9559b3c706d3

  • SSDEEP

    12288:Py90lHNaHw8Mmw2sDBTqFmyCSzGgBIVbMNHGYmNx5ntwO/oVdBhx:PymAHwIweAS609GtNHn1g/hx

Malware Config

Targets

    • Target

      34558e1d0ad02b380a4fb64c91017d560b0b59083c296824edb58e2fdfd11bf0

    • Size

      685KB

    • MD5

      490cbe73059051ec7a0c664ed931b87c

    • SHA1

      eabef182eedfd668dd8a442b8ac31f6fa2889782

    • SHA256

      34558e1d0ad02b380a4fb64c91017d560b0b59083c296824edb58e2fdfd11bf0

    • SHA512

      ab887ca00fca3b992964f108b73839cee8cb9442cdf71cb057ede8335b609f0510f7003dcf9282fb7019545629e251bb76bf6630472bcdd5dc4f9559b3c706d3

    • SSDEEP

      12288:Py90lHNaHw8Mmw2sDBTqFmyCSzGgBIVbMNHGYmNx5ntwO/oVdBhx:PymAHwIweAS609GtNHn1g/hx

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks