General

  • Target

    636858725f677267d66a8fb9549ed1c706fcdf5356184a410a52248c331b0784

  • Size

    560KB

  • Sample

    241109-fw7essxnhv

  • MD5

    aee77e2e41c01cfc532b27e41a49207a

  • SHA1

    df86854e09c48d79a9433f36c4135952a463e5aa

  • SHA256

    636858725f677267d66a8fb9549ed1c706fcdf5356184a410a52248c331b0784

  • SHA512

    c1057471370bdee80fd792984ca2142ead01fd02fd9b5f024c434dc11aa1181b9ee6098d4511efc85f4ea84294b7067868fe6c9e8d54d60a5ca4455556436fc5

  • SSDEEP

    12288:3y904FsbhN8I2JgpgYRpwGGaLcsYX/YobRcHxJr4Kcl:3ynSp2JgpDbtGa3IcRJrzcl

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15