General

  • Target

    2d6da7e210cb1137446c31dc828c7103435ae729582d3b3b0945cb3236ab4c02

  • Size

    827KB

  • Sample

    241109-fv6f4sycjc

  • MD5

    a1456af07201f801ff813b0008b63032

  • SHA1

    2fa39dbf69aaff5fe44afbc1c1ea9d9968979d0d

  • SHA256

    2d6da7e210cb1137446c31dc828c7103435ae729582d3b3b0945cb3236ab4c02

  • SHA512

    82e9f992e690050cbb00e33b7a610187f6c5c6a82fe9b8b021010edeec64aaf0605ce1f7b4629a50a5b3b0e62c33d1c4224f803aa4012e775e36c496de482772

  • SSDEEP

    12288:fy90jxuHUH3HxwFtI+/NZrLiYBO74xmo7KRxZR5mVWQ65HG1X53C5rI:fyhHU6Ff/OYBAAmC6ZRPs1Jb

Malware Config

Targets

    • Target

      2d6da7e210cb1137446c31dc828c7103435ae729582d3b3b0945cb3236ab4c02

    • Size

      827KB

    • MD5

      a1456af07201f801ff813b0008b63032

    • SHA1

      2fa39dbf69aaff5fe44afbc1c1ea9d9968979d0d

    • SHA256

      2d6da7e210cb1137446c31dc828c7103435ae729582d3b3b0945cb3236ab4c02

    • SHA512

      82e9f992e690050cbb00e33b7a610187f6c5c6a82fe9b8b021010edeec64aaf0605ce1f7b4629a50a5b3b0e62c33d1c4224f803aa4012e775e36c496de482772

    • SSDEEP

      12288:fy90jxuHUH3HxwFtI+/NZrLiYBO74xmo7KRxZR5mVWQ65HG1X53C5rI:fyhHU6Ff/OYBAAmC6ZRPs1Jb

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
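The last three signatures name two behaviours a responder would check for on a host that ran this sample: Windows Defender real-time protection policy values switched on, and an autostart entry written under a Run key. As an added example, not part of the sandbox report and not code from the sample, the helper below parses a regedit 5.00 `.reg` export (as produced by `reg export` on the host or pulled from a forensic image) and flags both. The Defender policy value names and the Run/RunOnce paths are the standard policy and autostart locations, not keys the report itself lists, and the export text is constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Standard Defender policy key; each value below disables part of
# real-time protection when set to DWORD 1. (Assumed standard locations,
# not taken from the sandbox report.)
DEFENDER_RTP_KEY = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
)
DEFENDER_TAMPER_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableioavprotection",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
}

# Autostart keys: any value here launches at logon.
RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runonce",
}

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Parse a regedit 5.00 export into {key: {value_name: data}}.

    dword:XXXXXXXX becomes an int, quoted strings are unescaped (\\\\ -> \\),
    any other data type (hex:, expand strings) is kept as raw text.
    Keys prefixed with '-' are deletions and are skipped."""
    tree: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m.group("key")
            current = None if key.startswith("-") else key
            if current is not None:
                tree.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            data = m.group("data")
            if data.lower().startswith("dword:"):
                parsed: object = int(data[6:], 16)
            elif data.startswith('"') and data.endswith('"'):
                parsed = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            else:
                parsed = data
            tree[current][m.group("name")] = parsed
    return tree


def audit_reg_export(text: str) -> List[Tuple[str, str, object]]:
    """Return (finding_kind, value_name, data) for Defender tampering and Run-key persistence."""
    findings: List[Tuple[str, str, object]] = []
    for key, values in parse_reg_export(text).items():
        k = key.lower()  # registry key names are case-insensitive
        if k == DEFENDER_RTP_KEY.lower():
            for name, data in values.items():
                if name.lower() in DEFENDER_TAMPER_VALUES and data == 1:
                    findings.append(("defender_rtp_disabled", name, data))
        elif k in RUN_KEYS:
            for name, data in values.items():
                findings.append(("run_key_persistence", name, data))
    return findings


# Constructed export: two tamper values set, one left at 0, one Run entry,
# plus an unrelated key that must not be reported.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableIOAVProtection"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
'''

if __name__ == "__main__":
    for kind, name, data in audit_reg_export(SAMPLE_REG_EXPORT):
        print(f"{kind:24} {name} = {data!r}")
```

Run it against a real export with `reg export HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection out.reg` (and the Run keys) on the suspect host; a `dword:00000001` on any of the listed names is a policy-level override that `Get-MpPreference` will report as real-time protection disabled, and a Run entry pointing into a user-writable path such as `%TEMP%` is the persistence the "Adds Run key" signature refers to.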

MITRE ATT&CK Enterprise v15

Tasks