General

  • Target

    9c593967fe60abf9bb04c122010fc435846eeb75b6fb6e49345cdf5371600293

  • Size

    745KB

  • Sample

    241109-x5n39a1amn

  • MD5

    35480286d5684e7d7c526220b6a01bbd

  • SHA1

    af9b3b8bd4a198fd23de3f0dcedceadb6e764fd0

  • SHA256

    9c593967fe60abf9bb04c122010fc435846eeb75b6fb6e49345cdf5371600293

  • SHA512

    5a04764089495ec2a3968f90a9cfb5bfcd8c419e7195164250240a53c25439ca8b78b1f1e223a590344a76a5523721142a288c4f9a3fe6bdb155ca0341684b90

  • SSDEEP

    12288:Ny90fuGajIrqF5umXYpVYJtL5i3hRsX3yQXfSyWHOOooaBLwole:Ny2GF5NtcRsyQXfmbJqUow

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks