General

  • Target

    406e52d271161d7045f61c8d0f7acfcb5233bf077729d8de454b55cbe3c7365f

  • Size

    560KB

  • Sample

    241109-fx2kyaxpa1

  • MD5

    e3c0ba04f86de1673b0916cc5d9b7c27

  • SHA1

    93be082b2618a3192192c7180c3bc4b1029e3835

  • SHA256

    406e52d271161d7045f61c8d0f7acfcb5233bf077729d8de454b55cbe3c7365f

  • SHA512

    1c1dfae5460b5eb1e05a3b927ea78e7b8c399b0331c68768e3618535a7ce3c13078dea2d15573d2e23fc02c09a0866e75a8b3dbcc278a8bbe6cc1435280d79c6

  • SSDEEP

    12288:Hy90QtYMWOEQyU/Xz36Z+phXtXFT61BJudVJQhV8diM:HyXY9OOU/j36kHEj3VMiM

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks