General

  • Target

    27bf35236be4e3fce2c3268f9302840f7178ed295e8260391ed8387a9118c909

  • Size

    936KB

  • Sample

    241109-fwd39aycjg

  • MD5

    a5a618218034771758da664ec9133be8

  • SHA1

    252ea17c89217557cb798d3cf7bfa91c01862d41

  • SHA256

    27bf35236be4e3fce2c3268f9302840f7178ed295e8260391ed8387a9118c909

  • SHA512

    3853a3be9ad3fdb97eceaaed27c3c9fc5a8d19603098459a6dffe30a9389f661c95bc14108021e072d0871acb790d1e25ebf57d2cd126fb0a193feb3ae5577b4

  • SSDEEP

    24576:hyfH2KNiW9gldHcnEJ/IOiziKbHYoDHzFEb7m:UfRO3cE6HTb4oDHzeb7

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks