General

  • Target

    113bcc9f97fd2df2cbe7ee37775e8995f57f2191d8612c78f2dcc9d821071462

  • Size

    1.5MB

  • Sample

    241109-fryl4a1lep

  • MD5

    09339deecba900bf3bc4888bea1a262a

  • SHA1

    9d6aa4b7abb8ee3d4fb2f6e13972d56a7854a3bd

  • SHA256

    113bcc9f97fd2df2cbe7ee37775e8995f57f2191d8612c78f2dcc9d821071462

  • SHA512

    da282a5d3a7ce2faba428fb4b15fc472e09e19ed16b6dd9fcb156f3145ab014dc9e36bc17a9f8c4fa860bbb0ca6d775a10a2ec4940eefccc3b64829c97a0a37c

  • SSDEEP

    24576:dyJaPda0RCXzPWmi4Y5p/56N1VxMJ7a1AnrhdHf5tRaJyLgX8c7z3:4JafwXbWmC0IJ71r/Hf5eggX84

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks