General

  • Target

    063261ebc132234e0394de1397c0b889635ef95bcfaec4bca57614f53c5ba7a8

  • Size

    569KB

  • Sample

    241109-fmtscayapc

  • MD5

    825525d61f130bcd57b0df9361974758

  • SHA1

    f6dce80a9188e83c989f36f4fa1951e7c86e5bfa

  • SHA256

    063261ebc132234e0394de1397c0b889635ef95bcfaec4bca57614f53c5ba7a8

  • SHA512

    cad76e03ba4aa50578180d5e8ec472c9eed2b3c825fcdc80971cf17dcfe96c87d010b167eebaad3eeda304ed60d3b4fa99eedd7ea2d56db239e78e292c1bc676

  • SSDEEP

    12288:My90tBATnu2LScCxE9J6OPZlO6/N18iVUe7zj1wGk:MyRTu2LShEPRn/ue7zj1wr

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks