General

  • Target

    3cdc30613e4bc554187c4fd25a68483d8ca904de1837c1e8444cc0e154922c74

  • Size

    935KB

  • Sample

    241109-x6s4la1anr

  • MD5

    9c910e6b849bc760523a8e409cf5924e

  • SHA1

    0e89cda1010bc50ae9a0f58b9bf5f0ae84963c5e

  • SHA256

    3cdc30613e4bc554187c4fd25a68483d8ca904de1837c1e8444cc0e154922c74

  • SHA512

    7e7fbd1e54b125950b8bbae312859a3eec2f459915cfbe45b15b11692acfa0034e49d71faebc019cbc51ea85b2cae1be8a25ae8e8bfea819347e710e1b94280e

  • SSDEEP

    24576:nyklY/fQFZFhO9iVfsAA/0qSzKYTKA/yMLSFIZPXf8E789QaW:yklSQFGipB91pbu+flD

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks