General

  • Target

    dedfeb7686711bd72cdfbc1ab670420d38c24ac4d8fdf6aaa2709b949a9f26f0

  • Size

    558KB

  • Sample

    241109-x55q1a1anm

  • MD5

    1e6fe4900b1f08f8a20903f8c6949ae4

  • SHA1

    8e5f8a769d4f56ee16b80b38122b5967ed93e87a

  • SHA256

    dedfeb7686711bd72cdfbc1ab670420d38c24ac4d8fdf6aaa2709b949a9f26f0

  • SHA512

    6b39c2f5347f84ad9af60b5f45cddf3db5b48d81a5f5a86c995d77a22cc5547e12ad715cd1063e80979dcf0ef54850e35c9db3c28a1cac32027ce61114c8f27e

  • SSDEEP

    12288:3y90SvK5h87EChL1DBKo45yGcN1fBj8OKpcEGjZVZ:3yrvKTsGo45W1pQOKprGl

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks