General

  • Target

    0a6c0b19939c08a77506f06a3fd89238e0d0337945cdaf62c30c770d93775cb9

  • Size

    1.1MB

  • Sample

    241109-frw39sybmg

  • MD5

    77273073219f09693f62c24c7ab5c40c

  • SHA1

    61c5c772b782572c2f88e5b871b27bc00bdfd111

  • SHA256

    0a6c0b19939c08a77506f06a3fd89238e0d0337945cdaf62c30c770d93775cb9

  • SHA512

    59535b95b111c42c6306e31d8ca15c5dda3b1236cf3d04210588a2c95362fce850e620a1b6bbfc7239c9b62c0707239e00513d9f9cc9901a1acfeacb464f91ac

  • SSDEEP

    24576:WyaT1cXOFJn61WrRkqwxOdX3lBXQysT7+YccPP:laT1VJ61WlFET315

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks