General

  • Target

    9fde087367c2d8d1e42603bf60066eb7a7989f85f9a109bd3503bb81b1d2b0ee

  • Size

    642KB

  • Sample

    241109-ftg25aybph

  • MD5

    71c5c17e2b3996d9665bb891394dc61e

  • SHA1

    5c98136407fbde573108290f8dea533f48f012fe

  • SHA256

    9fde087367c2d8d1e42603bf60066eb7a7989f85f9a109bd3503bb81b1d2b0ee

  • SHA512

    84210685237d4e75a3f954ae69c022e20d9f5dac4207031781a6eb60b26e25e033ab3072d2d772dba1f184afc825489ab2b35526cd142727825afd86ae8850ec

  • SSDEEP

    12288:3y90hssoBqe2VblPMYlktR1ATNn+k6wvioLEzyOKRYzigAq:3yk2kHbBlG1Ap4oLsygLAq

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks