General

  • Target

    85d3feccfd30e3ca9e4869222433176c290f660ec27848c2825d6f167ff1aa0f

  • Size

    704KB

  • Sample

    241109-fng5ya1lam

  • MD5

    fdc221f7aa10f8c25f34af0faa0f833b

  • SHA1

    2a0ff7ca50717afaf694cc13b255552577b91622

  • SHA256

    85d3feccfd30e3ca9e4869222433176c290f660ec27848c2825d6f167ff1aa0f

  • SHA512

    50e9c1501695993ae28877d30990c07bad26132f03a715bfb92eab647abe1dc73705201616e793f669ca5a02e08eaa382803434300788da0aea2ee630b20333f

  • SSDEEP

    12288:Jy904wMcDGTylyuWUeMevT979GTDmBbOG4ErcywlI18zCXqIzVMhn/KFqSHAyWWd:JyXwLSTAzVQB7MTOb+EnoiqIhetRyR

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks