General

  • Target

    6446b8ee10c8c44660cbf60635f7e98a942015c939245fe183e26929b7b1abd6

  • Size

    1.0MB

  • Sample

    241109-x5gzya1ajg

  • MD5

    531a90d83cc8969825603ecc5a8a810c

  • SHA1

    ee1b248f890de90df5d5d6e1cc9150ef6f1dab96

  • SHA256

    6446b8ee10c8c44660cbf60635f7e98a942015c939245fe183e26929b7b1abd6

  • SHA512

    41c126f9276f1ea64ca5069e3a22d667828dfd0be7949c3a51c77c3bf5c796e7bde77e2c25d04b6e2a288996efca7127258c463eb1dec66c007670376343bf56

  • SSDEEP

    24576:SyzucPAhSx8oRR9aSiyEksKgNTauHl5WabDs9:5aQA6RKJx/Ttl5Wabo

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks