General

  • Target

    add4cc96eed28d16cf3910305a75131f17ae22250b78aaf5bed2b9270d8347de

  • Size

    563KB

  • Sample

    241109-fvznkaxnf1

  • MD5

    fe8428a52a43a023b6309383e4a7f6d1

  • SHA1

    985824135b8a95e461398ca793ddc358a801bda7

  • SHA256

    add4cc96eed28d16cf3910305a75131f17ae22250b78aaf5bed2b9270d8347de

  • SHA512

    7c9fd3dd7d222bbaa153573e07dcc70f34424e32e23f9d0a89374e8aeb5e1a54e3548d15a043221d30ed1fd21f7c4a34eaf56312ac6648b6f1034d6577b8764a

  • SSDEEP

    12288:0y905R9s+oriStqfhebabSkcm1cuTa6vQ+h:0yg9s+uieqflbSdglvr

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks