General

  • Target

    625c2754cbec2f5bb1074e75f1eb84e0a966e310d1373c3d7359726882020c83

  • Size

    706KB

  • Sample

    241109-fxar8a1mgl

  • MD5

    42dfa9227e009e25a27594129a336b86

  • SHA1

    8885a5e4106113d3e776b2d133f22f8c845edb5a

  • SHA256

    625c2754cbec2f5bb1074e75f1eb84e0a966e310d1373c3d7359726882020c83

  • SHA512

    5685c32529da1246b336be8038973319a91505aeaba2946b18daa7a40fb9ce6d04b70bfee8935495886cc347debfc7ff0f2b0fb7c36a446cd29e9585a43a42e9

  • SSDEEP

    12288:wy90dkGcHGUfOzDQQhcsCt8RkmUrET7RdrjJY8c0LSZJcxeJD39xZQqL:wypHzWzXitEiIjrjTcM+B39Pj
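
The digests above identify the sample; a retrieved file should be checked against all of them, not only MD5, before it is treated as the same artefact. The following is an added example (not part of the sandbox report) that streams a file through the four hashing algorithms listed and compares the result with the report's values. SSDEEP is left out because it is a similarity digest, not an identity check, and needs a third-party library.

```python
"""Verify a file on disk against the digests listed in this report.

Added example, not part of the sandbox page.  The file is read in chunks so
large samples never need to fit in memory.  A positive match requires every
listed algorithm to agree; a lone MD5 match is not sufficient.
"""
import hashlib

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "42dfa9227e009e25a27594129a336b86",
    "sha1": "8885a5e4106113d3e776b2d133f22f8c845edb5a",
    "sha256": "625c2754cbec2f5bb1074e75f1eb84e0a966e310d1373c3d7359726882020c83",
    "sha512": "5685c32529da1246b336be8038973319a91505aeaba2946b18daa7a40fb9ce6d"
              "04b70bfee8935495886cc347debfc7ff0f2b0fb7c36a446cd29e9585a43a42e9",
}


def _new_hashers():
    return {name: hashlib.new(name) for name in REPORT_HASHES}


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer under every listed algorithm."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hex digests of a file, computed in one streaming pass for all algorithms."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(digests: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison, case-insensitive, e.g. {'md5': True, ...}."""
    return {name: digests[name].lower() == value.lower()
            for name, value in expected.items()}


def matches_report(digests: dict, expected: dict = REPORT_HASHES) -> bool:
    """True only when every listed digest matches."""
    return all(compare(digests, expected).values())


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-file>
    result = digest_file(sys.argv[1])
    for name, ok in compare(result).items():
        print(f"{name:7} {'match' if ok else 'MISMATCH'}  {result[name]}")
    print("sample matches report" if matches_report(result) else "not this sample")
```

Because the report names the target by its SHA256, a file whose SHA256 matches but whose other digests do not should be treated as a data error in the report or the download rather than as a partial match.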

Malware Config

Targets

    • Target

      625c2754cbec2f5bb1074e75f1eb84e0a966e310d1373c3d7359726882020c83

    • Size

      706KB

    • MD5

      42dfa9227e009e25a27594129a336b86

    • SHA1

      8885a5e4106113d3e776b2d133f22f8c845edb5a

    • SHA256

      625c2754cbec2f5bb1074e75f1eb84e0a966e310d1373c3d7359726882020c83

    • SHA512

      5685c32529da1246b336be8038973319a91505aeaba2946b18daa7a40fb9ce6d04b70bfee8935495886cc347debfc7ff0f2b0fb7c36a446cd29e9585a43a42e9

    • SSDEEP

      12288:wy90dkGcHGUfOzDQQhcsCt8RkmUrET7RdrjJY8c0LSZJcxeJD39xZQqL:wypHzWzXitEiIjrjTcM+B39Pj

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
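
The signatures above describe three host behaviours that are straightforward to detect from endpoint telemetry: a Defender real-time protection policy value being set, a Run key being written, and a freshly dropped executable being launched. The following is an added example (not code from the sandbox or from either malware family) that implements those three checks over constructed, Sysmon-style events flattened to key="value" pairs; the paths, value names and process names in the sample events are assumptions for the example, not indicators taken from the report.

```python
"""Detection logic for the behaviours flagged in this report.

Added example, not part of the sandbox page.  Input is a list of constructed,
Sysmon-style records (Event ID 11 file create, 1 process create, 13 registry
value set) flattened to key="value" pairs.  Three rules:
  defender_rtp_tamper  - a Defender Real-Time Protection policy 'Disable*'
                         value set to 1
  run_key_persistence  - a Run/RunOnce value pointing into a user-writable path
  executes_dropped_exe - a process whose image was created earlier in the log
"""
import re
from dataclasses import dataclass

# Constructed sample telemetry (assumed names, not indicators from the report).
SAMPLE_EVENTS = [
    r'EventID=11 Image="C:\Users\victim\Downloads\invoice.exe" TargetFilename="C:\Users\victim\AppData\Local\Temp\healer.exe"',
    r'EventID=1 Image="C:\Users\victim\AppData\Local\Temp\healer.exe" ParentImage="C:\Users\victim\Downloads\invoice.exe"',
    r'EventID=13 Image="C:\Users\victim\AppData\Local\Temp\healer.exe" TargetObject="HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring" Details="DWORD (0x00000001)"',
    r'EventID=13 Image="C:\Users\victim\AppData\Local\Temp\healer.exe" TargetObject="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdate" Details="C:\Users\victim\AppData\Roaming\WinUpdate.exe"',
    # Benign Run entry from a system process pointing into %windir%: not flagged.
    r'EventID=13 Image="C:\Windows\System32\svchost.exe" TargetObject="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth" Details="%windir%\system32\SecurityHealthSystray.exe"',
    r'EventID=1 Image="C:\Windows\System32\notepad.exe" ParentImage="C:\Windows\explorer.exe"',
]

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str    # process that performed the action
    target: str   # registry value written, or parent of the launched process


def parse_event(line: str) -> dict:
    """Split a flattened key=value / key="value" record into a dict."""
    return {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}


def detect(lines) -> list:
    """Run all three rules over the events in order; returns Findings."""
    findings = []
    dropped = set()   # lower-cased paths written via Event ID 11
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == "11":
            dropped.add(ev.get("TargetFilename", "").lower())
        elif eid == "1" and image.lower() in dropped:
            findings.append(Finding("executes_dropped_exe", image, ev.get("ParentImage", "")))
        elif eid == "13":
            target = ev.get("TargetObject", "")
            details = ev.get("Details", "")
            key, _, value_name = target.rpartition("\\")
            if (key.lower() == DEFENDER_RTP_KEY.lower()
                    and value_name in DEFENDER_DISABLE_VALUES
                    and "0x00000001" in details):
                findings.append(Finding("defender_rtp_tamper", image, target))
            elif RUN_KEY_RE.search(target) and USER_WRITABLE_RE.search(details):
                findings.append(Finding("run_key_persistence", image, target))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f.rule:22} {f.image}  ->  {f.target}")
```

The Run-key rule is restricted to values whose command line points into a user-writable directory, since Run entries written by installers and Windows components are common and would otherwise swamp the alert; a per-environment allowlist of writer images is the usual next refinement. The dropped-EXE rule keeps state across events, so it only works when file-create events precede process-create events in the feed, which is how Sysmon emits them.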

MITRE ATT&CK Enterprise v15

Tasks