General

  • Target

    e11f5a2414831f728a7e1623c17544d92ab9932b4116a88c380a1b3916ffbde0

  • Size

    1.1MB

  • Sample

    241109-fmptdsxmdw

  • MD5

    673151c57961fcd262d494cda0fd2962

  • SHA1

    55ebeb539efcdaba86b089f5ec7c2b6240711dcd

  • SHA256

    e11f5a2414831f728a7e1623c17544d92ab9932b4116a88c380a1b3916ffbde0

  • SHA512

    21b26dfc4b6e927f656e97295d94dd211f304ce4ecc599dd12d046e300c166143635defa39a91869c03d39923d0e2ade72162dedb5409d693fc56c07b662a524

  • SSDEEP

    24576:YypMtpV4x/fy/b8XftHvBZcCTdBACKl3RqyuFpK3qaNecz5tO7yNhVIveS:YyWVk6/b8tH5ZrTxxyMp4VNr5hVge

Malware Config

Targets

    • Target

      e11f5a2414831f728a7e1623c17544d92ab9932b4116a88c380a1b3916ffbde0

    • Size

      1.1MB

    • MD5

      673151c57961fcd262d494cda0fd2962

    • SHA1

      55ebeb539efcdaba86b089f5ec7c2b6240711dcd

    • SHA256

      e11f5a2414831f728a7e1623c17544d92ab9932b4116a88c380a1b3916ffbde0

    • SHA512

      21b26dfc4b6e927f656e97295d94dd211f304ce4ecc599dd12d046e300c166143635defa39a91869c03d39923d0e2ade72162dedb5409d693fc56c07b662a524

    • SSDEEP

      24576:YypMtpV4x/fy/b8XftHvBZcCTdBACKl3RqyuFpK3qaNecz5tO7yNhVIveS:YyWVk6/b8tH5ZrTxxyMp4VNr5hVge

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
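
The two registry behaviours flagged above, "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application", are the signatures a defender would most want to reproduce on their own telemetry. The following is an added example, not part of the sandbox report and not code from the Healer or RedLine samples: it runs two simple rules over Sysmon Event ID 13 (RegistryEvent: value set) records. The event records, the user SID and the file names healer.exe and stealer.exe are constructed for the example; the Defender policy key, its Disable* value names and the Run/RunOnce key paths are the documented Windows locations.

```python
"""
Added example (not from the report above): detect Defender real-time
protection tampering and Run-key persistence in Sysmon Event ID 13 records.
All sample events below are constructed; only the registry paths are real.
"""
import re

# Setting any of these policy values to a non-zero DWORD disables a Defender component.
DEFENDER_RTP_KEY = r"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
# Per-user (HKU\<SID>) and machine (HKLM) Run / RunOnce keys.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
# Sysmon renders DWORD values as "DWORD (0x00000001)" in the Details field.
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")

# Constructed Sysmon EID 13 records, reduced to the fields the rules need
# (field names follow Sysmon's RegistryEvent schema). The SID and image paths are made up.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\healer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\healer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\stealer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\stealer.exe"},
    # Benign: policy engine writing the value back to 0 (re-enabling monitoring); must not alert.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # Unrelated write under CurrentVersion; must not alert.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def defender_tamper(event):
    """Return the value name if the event sets a Defender RTP disable flag to non-zero, else None."""
    target = event.get("TargetObject", "")
    key, _, value_name = target.rpartition("\\")
    if not key.lower().endswith(DEFENDER_RTP_KEY.lower()):
        return None
    if value_name not in DEFENDER_RTP_VALUES:
        return None
    m = DWORD_RE.search(event.get("Details", ""))
    if m and int(m.group(1), 16) != 0:
        return value_name
    return None


def run_key_persistence(event):
    """Return (value name, command line) if the event writes a Run/RunOnce entry, else None."""
    target = event.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    return target.rpartition("\\")[2], event.get("Details", "")


def scan(events):
    """Map each EID 13 event to the report signature it triggers: (signature, image, detail)."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        value = defender_tamper(ev)
        if value:
            alerts.append(("Modifies Windows Defender Real-time Protection settings", ev["Image"], value))
            continue
        hit = run_key_persistence(ev)
        if hit:
            alerts.append(("Adds Run key to start application", ev["Image"], f"{hit[0]} -> {hit[1]}"))
    return alerts


if __name__ == "__main__":
    for sig, image, detail in scan(SAMPLE_EVENTS):
        print(f"{sig}: {image} ({detail})")
```

The Defender rule keys on the value being set to non-zero rather than on the key path alone, because Group Policy refreshes legitimately rewrite these values to 0; the Run-key rule is intentionally path-only, since any new Run entry from a process outside Program Files or System32 is worth a look regardless of its contents.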

MITRE ATT&CK Enterprise v15

Tasks