General

  • Target

    247c40bcc7cb6b04702a2185a607be174b5810ba5eec75b16953f7f9608b84c2

  • Size

    707KB

  • Sample

    241109-fv7zya1mdq

  • MD5

    9279973365f49d25069bdc74720f0584

  • SHA1

    dc0442736708c299b63bed271150033f3eb5704b

  • SHA256

    247c40bcc7cb6b04702a2185a607be174b5810ba5eec75b16953f7f9608b84c2

  • SHA512

    608663225537a00ebf643b832dddcd4001ee356898eac69a042254164b5daa3c664256f8f9d59e2142ad4ea6ba43c8fe7dc1ced63b65d0da1d2ecebc946cf560

  • SSDEEP

    12288:ay90Xpc5FnZ1kzmI/4ibBn8f1XlDsA9KG8HX7uObm64/cm85Eu8xOS:aymkZ1Qmhibp8f1XloA965MOEdOS

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
