General

  • Target

    86c85f3cc1ccf5555c492fc8ceee602a577e9aa84f4bc42642b65775028cb372

  • Size

    690KB

  • Sample

    241109-fxvsdsxpax

  • MD5

    0632473dcf75ed1d9567e851f1e88485

  • SHA1

    8da4e1764a114ffd523cf4faf85b7b8ab739e818

  • SHA256

    86c85f3cc1ccf5555c492fc8ceee602a577e9aa84f4bc42642b65775028cb372

  • SHA512

    259a94fc982b983738c6b9ea08298174284ece2f3cd3915d99fed532fa9e90483ea1601516ff1c88e245c02477a3a59a587cb5411921ec49511588c2264ae5a9

  • SSDEEP

    12288:ey903HBsv7dsvWdzqUet9LExQBOzZIJGa66rhpEu+sKmbrLjrEA86O/TmQpzPgEi:eyrv7CuVC9LETzZn8KRmb3jrEA86KTm/

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks