General

  • Target

    5fa5006b4d36987f15131319ca4b068f1b2a6918f778217b08d4b6455efcd4b2

  • Size

    697KB

  • Sample

    241109-x14cdatjfj

  • MD5

    f55a3fa9acf8bed1603edd2fab97607a

  • SHA1

    6f28157e4ed375748b929030c0d940c3692a1364

  • SHA256

    5fa5006b4d36987f15131319ca4b068f1b2a6918f778217b08d4b6455efcd4b2

  • SHA512

    458cda6fd00b22407a2acc7f0076d78adb04bed838573eb2a066ca216e19bf0d27bc0b72eb2b67b36c160a52337fc0231f20e2fcf70f2c6a7a0f303be4c2cbdb

  • SSDEEP

    12288:2y90xw6ree0bBwwoepZzcf7/YWGsBKuuYrEcYHRXIbZ/bC:2ykw6rUu/epZz2hzluYQlI12

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks