General

  • Target

    24065be5dd94ca82e0c57d10781874c2ff0f070de86562f4693ceb57e670fc1d

  • Size

    727KB

  • Sample

    241109-fskrmaybqj

  • MD5

    f0c0a0e75c82d5807d1609822fa94814

  • SHA1

    e044c53e39304fa91b28e3a7506c4d671df2b388

  • SHA256

    24065be5dd94ca82e0c57d10781874c2ff0f070de86562f4693ceb57e670fc1d

  • SHA512

    055e06d6ca39493972bce52f7e4959910c1d748d9062285e2752ce2cc8fba5663c9eb3ef0da3df0eede1ed7b72014062715b0958cd1a0fddec01f318edc1f0ae

  • SSDEEP

    12288:zy90D3iOUCA6I7Gc5MLgyW3r9txWGnKMF9pcvhPbvUj4ZBkGwDo7hnTdAUxiWV24:zy2hUCA6gyWbFWCFHcvhreGFwsFnTxVX

Malware Config

Targets

    • Target

      24065be5dd94ca82e0c57d10781874c2ff0f070de86562f4693ceb57e670fc1d

    • Size

      727KB

    • MD5

      f0c0a0e75c82d5807d1609822fa94814

    • SHA1

      e044c53e39304fa91b28e3a7506c4d671df2b388

    • SHA256

      24065be5dd94ca82e0c57d10781874c2ff0f070de86562f4693ceb57e670fc1d

    • SHA512

      055e06d6ca39493972bce52f7e4959910c1d748d9062285e2752ce2cc8fba5663c9eb3ef0da3df0eede1ed7b72014062715b0958cd1a0fddec01f318edc1f0ae

    • SSDEEP

      12288:zy90D3iOUCA6I7Gc5MLgyW3r9txWGnKMF9pcvhPbvUj4ZBkGwDo7hnTdAUxiWV24:zy2hUCA6gyWbFWCFHcvhreGFwsFnTxVX

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks