General

  • Target

    b7966ff9361f4f72114a0db06f8a553aa80d0ae5ccc0de6e166afeebce0be35d

  • Size

    746KB

  • Sample

    241109-fylk4sycpl

  • MD5

    be3f21c5b92fe29d5cbd639d2d53c62a

  • SHA1

    531dd08dd21014b55733d26f4ccfe4717b8b8482

  • SHA256

    b7966ff9361f4f72114a0db06f8a553aa80d0ae5ccc0de6e166afeebce0be35d

  • SHA512

    088efdf067889583b5b97ac4da399eb51350292661d3f82e2ef783d7df2fd92c39b150c476a64338029273d2c82503cb83a9376fc803516a41c97c393a8a679a

  • SSDEEP

    12288:Hy90Cor0JBuAkjE4vbv3roqPTgDLq0UfwBaXD6:HywQJBjkhvbv3cqP10UfwBy6

Malware Config

Targets

    • Target

      b7966ff9361f4f72114a0db06f8a553aa80d0ae5ccc0de6e166afeebce0be35d

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
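
The three behaviours flagged above (Defender real-time protection tampering, a dropped EXE being executed, and Run-key persistence) are the ones worth turning into host-side detection logic. The block below is an added example, not code from the sandbox report or from the Healer/RedLine samples: it runs simple Sysmon-style rules over a handful of constructed events (Event ID 1 process create, 11 file create, 13 registry value set). The event shapes, image paths, the "Updater" value name and the DWORD details format are assumptions chosen for the example; the Defender policy path and the Run/RunOnce key paths are the real Windows locations.

```python
import re

# Constructed Sysmon-style events (hypothetical; not taken from the report's task log).
DROPPER = r"C:\Users\user\AppData\Local\Temp\setup.exe"
DROPPED = r"C:\Users\user\AppData\Local\Temp\1.exe"
PERSIST = r"C:\Users\user\AppData\Roaming\Updater\updater.exe"

SAMPLE_EVENTS = [
    {"EventID": 1, "Image": DROPPER, "ParentImage": r"C:\Windows\explorer.exe"},
    # Event 11: the dropper writes a second executable to disk
    {"EventID": 11, "Image": DROPPER, "TargetFilename": DROPPED},
    # Event 1: that dropped executable is then started
    {"EventID": 1, "Image": DROPPED, "ParentImage": DROPPER},
    # Event 13: Defender real-time protection policy values set to 1 (disabled)
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    # Benign: policy refresh re-enabling monitoring (value 0) must not fire
    {"EventID": 13, "Image": r"C:\Windows\System32\gpupdate.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # Event 13: Run key added for persistence
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": PERSIST},
]

# Real policy path; Healer-style tampering sets Disable* values under it to 1.
REALTIME_POLICY = re.compile(
    r"\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\(Disable\w+)$", re.I)
# Per-user or machine Run / RunOnce autostart values.
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$", re.I)
DWORD = re.compile(r"0x([0-9a-f]+)", re.I)


def dword_value(details):
    """Extract the integer from a Sysmon 'DWORD (0x...)' details string, else None."""
    m = DWORD.search(details or "")
    return int(m.group(1), 16) if m else None


def defender_realtime_tamper(events):
    """Registry sets that disable a Defender real-time protection feature via policy."""
    hits = []
    for e in events:
        if e.get("EventID") != 13:
            continue
        m = REALTIME_POLICY.search(e.get("TargetObject", ""))
        if m and dword_value(e.get("Details")) == 1:
            hits.append((e["Image"], m.group(1)))
    return hits


def run_key_persistence(events):
    """Run / RunOnce values written by any process: (writer, value name, command)."""
    hits = []
    for e in events:
        if e.get("EventID") != 13:
            continue
        m = RUN_KEY.search(e.get("TargetObject", ""))
        if m:
            hits.append((e["Image"], m.group(2), e.get("Details", "")))
    return hits


def dropped_exe_executed(events):
    """Correlate a file-create of an .exe (Event 11) with a later process start of it (Event 1)."""
    dropped = {}   # lowercase path of dropped file -> image that wrote it
    hits = []
    for e in events:
        if e.get("EventID") == 11 and e.get("TargetFilename", "").lower().endswith(".exe"):
            dropped[e["TargetFilename"].lower()] = e["Image"]
        elif e.get("EventID") == 1 and e.get("Image", "").lower() in dropped:
            hits.append((dropped[e["Image"].lower()], e["Image"]))
    return hits


def analyze(events):
    """Run all three rules; a non-empty list under any key is a finding."""
    return {
        "defender_realtime_tamper": defender_realtime_tamper(events),
        "run_key_persistence": run_key_persistence(events),
        "dropped_exe_executed": dropped_exe_executed(events),
    }


if __name__ == "__main__":
    for rule, findings in analyze(SAMPLE_EVENTS).items():
        print(rule, findings)
```

The Defender rule keys on the value being set to 1 rather than on the key path alone, so a policy refresh that writes 0 (re-enabling monitoring) does not fire; the dropped-EXE rule keeps the image that wrote the file so a finding names both the dropper and the payload, which is the pair you want to pivot on when hunting across hosts.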

MITRE ATT&CK Enterprise v15

Tasks