General

  • Target

    326241b47f15c75b269b24387ec910c9c5e19fbe44e4f67346ef2591bdbbe03b

  • Size

    694KB

  • Sample

    241109-fmzctsxmdz

  • MD5

    89c3f328d792dac38329624a82d27088

  • SHA1

    24004fb43dfa2a9166b455b1bc87f6739db05a7a

  • SHA256

    326241b47f15c75b269b24387ec910c9c5e19fbe44e4f67346ef2591bdbbe03b

  • SHA512

    00429ec4c1b9a74090620334d8991d8c50598cf9db2401a853408431b9b192b14d7cc9e9522442ceed30e8178fa170e5f546debecd7ead7167339dd2dd81556a

  • SSDEEP

    12288:by90ZR+CA1m2iWFjcNr8in+hZR048JhN/0ttHR6YElwWsFoo1T3a06HvbG:byJmghcZ8iniZlPt6tbRo13afS

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
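
The two registry behaviours flagged above (Defender real-time protection being switched off through policy values, and a Run key being added for persistence) are the ones an analyst most often wants to confirm from the task's registry log. The following is an added example, not part of this sandbox report and not code from either malware family: it runs two triage rules over a constructed registry-write log in a made-up "process | key | value | data" format. The process names, paths and value data in the sample log are invented for illustration; the key and value names themselves (the Real-Time Protection policy values, DisableAntiSpyware, and the Run/RunOnce autostart keys) are the real Windows locations.

```python
# Added example (not from the report or the samples): triage rules for
# Defender tampering and Run-key persistence over a constructed registry log.
import re
from dataclasses import dataclass

# Policy key whose values, when set to 1, disable Defender real-time protection.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
# Parent policy key; DisableAntiSpyware=1 turns the whole engine off.
DEFENDER_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"

# Autostart keys: any value written here is launched at logon.
RUN_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)"
    r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
    re.IGNORECASE,
)

# Constructed sample log; the process names and paths are invented.
SAMPLE_LOG = r"""
# process | key | value name | data
healer.exe | HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | 1
healer.exe | HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableBehaviorMonitoring | 1
healer.exe | HKLM\SOFTWARE\Policies\Microsoft\Windows Defender | DisableAntiSpyware | 1
stealer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Updater | C:\Users\user\AppData\Roaming\updater.exe
explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Hidden | 1
"""


@dataclass(frozen=True)
class RegWrite:
    process: str
    key: str
    value_name: str
    data: str


def parse_log(text):
    """Parse the constructed 'process | key | value | data' format into RegWrite records."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4:
            raise ValueError(f"malformed line: {line!r}")
        events.append(RegWrite(*parts))
    return events


def classify(events):
    """Return (rule, process, detail) findings for each suspicious registry write."""
    findings = []
    for ev in events:
        key = ev.key.lower()
        if key == DEFENDER_RTP_KEY.lower() and ev.value_name in DEFENDER_RTP_VALUES and ev.data == "1":
            findings.append(("defender_rtp_disabled", ev.process, ev.value_name))
        elif key == DEFENDER_KEY.lower() and ev.value_name == "DisableAntiSpyware" and ev.data == "1":
            findings.append(("defender_disabled", ev.process, ev.value_name))
        elif RUN_KEY_RE.match(ev.key):
            findings.append(("run_key_persistence", ev.process, f"{ev.value_name} -> {ev.data}"))
    return findings


def summarize(findings):
    """Count findings per rule, which is what a signature hit list like the one above reports."""
    counts = {}
    for rule, _, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, proc, detail in classify(parse_log(SAMPLE_LOG)):
        print(f"{rule:24} {proc:14} {detail}")
```

Only policy values set to 1 are flagged, so a benign write of 0 (re-enabling protection) does not fire. On a live host the same checks correspond to reading these keys directly and comparing against Get-MpPreference; a value of 1 under the policy key takes precedence over the user-facing Defender settings, which is why droppers of this kind write there.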
