General

  • Target

    1e9f281bf8bdf2e847fefd7a791ca2c70db8f1ad0b4cd5bd5794a842e4d6eb84

  • Size

    689KB

  • Sample

    241109-fp1nnsybka

  • MD5

    34c1d684ebcd654b45aea2dc4d1e86bc

  • SHA1

    08814ba63c43e5acc851dfd125298cb0882833a5

  • SHA256

    1e9f281bf8bdf2e847fefd7a791ca2c70db8f1ad0b4cd5bd5794a842e4d6eb84

  • SHA512

    a1448fa245024c2271da3eae8740e18e569bc87a0f52dead70e4786838a6ad45d5a562de6e71f5da6a88f3e68be511f8f308a03b6cdd355b7c3c3e4f81e428da

  • SSDEEP

    12288:ty90kgxikUwSjhuph1dDExQB3zZIJPGiBiMj/qNbrLBrLF64ST/z9a2rKCW0+7:tyYxinwSjUp9DEGzZCGioMuNb3BrLF6u

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks