General

  • Target

    0f2cdc4bd0d044a85991be35423016fb908064b0882c5b617e6a762f35571443

  • Size

    569KB

  • Sample

    241109-fym4yaycpn

  • MD5

    05306fee83e21142a466bd26494560a9

  • SHA1

    a5e87626f1cdbaa84fd7d190d1303888d7a541fb

  • SHA256

    0f2cdc4bd0d044a85991be35423016fb908064b0882c5b617e6a762f35571443

  • SHA512

    a13dc59f0b252d41b3e4c2ddce3b819419bffef1e89c82e36b11b0271e2676f32d7e46a865706b8af201c666505c3e8b95b3aa34f138b5169c125b0fe61c9635

  • SSDEEP

    12288:Iy90VwsY7UVNtUJ7wnrPwwmuOdz3/ubDp9X1vtEeqqxtgy/xu/I:IyyhNtYcrI9uOdz2t9X1vqDyz5z

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks