General

  • Target

    39a0c4fec134183ea4d8ad807f172fc834f74394a1571ea1aba6d3a30815b5d8

  • Size

    695KB

  • Sample

    241109-fsg1qsxna1

  • MD5

    6ec56fd25b306a2f21bf2f03bd8e3d76

  • SHA1

    90cacb113bf89139b74c090e4ce2e690e74f5a37

  • SHA256

    39a0c4fec134183ea4d8ad807f172fc834f74394a1571ea1aba6d3a30815b5d8

  • SHA512

    ad436fdb4f83a580e7da9c3e3e97ef3f6bc978f41e107ed362509f51c8c8d5cc9e196a9047dcbe31662d6f3fa6739abb75231dec1c50c188deb4d4930f03e638

  • SSDEEP

    12288:ny90ITK4lBAOWe/NNPYl9jw65ATU+0hoX4ZCU55vleu2Kq9ojOQa:nyVbqKNNgl9jRh84ZCUpWKqyjOQa

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks