General

  • Target

    739827846f38ca6f068ab231ddba205d0a1f2d3bbb6152d777bc1f537d845d87

  • Size

    964KB

  • Sample

    241109-x5r5xatkdl

  • MD5

    c75ad11aa5119a90ad7232481f1280b5

  • SHA1

    8993083ed6cb3d034a5e8f25198c5bf510d92b7b

  • SHA256

    739827846f38ca6f068ab231ddba205d0a1f2d3bbb6152d777bc1f537d845d87

  • SHA512

    f02ef2b396c3676a656d14f3cf7febdb8adf1c5de88e899d3789b74d669c1b1dfa56345284339cabf85324425d95751dffca74f32935a63b08410f8ca21d76ae

  • SSDEEP

    24576:tyFyFC2RH2rTwdeX/FNrnBc0EL0GMhF2v:IFT2W4YXTO0EGz

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks