General

  • Target

    64c3442f6c23243565fe451345dffee657c199e52bb26b658398ea8fa47f8b40

  • Size

    702KB

  • Sample

    241109-x7bwpszlex

  • MD5

    7d42bcb0050a747efd28516af2272bc5

  • SHA1

    26d59f47578926b6fff8d0cc6d53fc0ff1b95334

  • SHA256

    64c3442f6c23243565fe451345dffee657c199e52bb26b658398ea8fa47f8b40

  • SHA512

    5cbfa7dcbb9deab205b67ad2f37ef0732136baf3b3c01842da81fca9ae0527c02247e579b5bd740be116c742f1f8953a9b1bcf0c76253a250ca67dd46c0d9a3d

  • SSDEEP

    12288:ay90U0f1+sx4HD7LY+0aU2x/uVSXTob10rMeaiiSulJ7kNy:ayh0f1tujDS2x/uVSjowHKDcNy

Targets

    • Target

      64c3442f6c23243565fe451345dffee657c199e52bb26b658398ea8fa47f8b40

    • Size

      702KB

    • MD5

      7d42bcb0050a747efd28516af2272bc5

    • SHA1

      26d59f47578926b6fff8d0cc6d53fc0ff1b95334

    • SHA256

      64c3442f6c23243565fe451345dffee657c199e52bb26b658398ea8fa47f8b40

    • SHA512

      5cbfa7dcbb9deab205b67ad2f37ef0732136baf3b3c01842da81fca9ae0527c02247e579b5bd740be116c742f1f8953a9b1bcf0c76253a250ca67dd46c0d9a3d

    • SSDEEP

      12288:ay90U0f1+sx4HD7LY+0aU2x/uVSXTob10rMeaiiSulJ7kNy:ayh0f1tujDS2x/uVSjowHKDcNy

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
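
The two behaviours the signatures above describe, tampering with Windows Defender real-time protection and adding a Run key for persistence, are what a detection engineer would turn into a registry-event rule on the endpoint. The script below is an added example and is not part of this report or of any sandbox vendor's code. It assumes Sysmon EventID 13 (RegistryEvent, value set) records with the documented fields TargetObject, Details and Image, and the event records embedded in it are constructed for the example; the Defender value names it checks (DisableRealtimeMonitoring and the other Real-Time Protection policy values) are the documented ones.

```python
"""Added example, not from the sandbox report: flag Defender real-time
protection tampering and Run-key persistence in Sysmon EventID 13 records.
The sample events at the bottom are constructed for the example."""
import re
from dataclasses import dataclass

# Defender real-time protection switches live under the policy key
# (HKLM\SOFTWARE\Policies\Microsoft\...) or the product key
# (HKLM\SOFTWARE\Microsoft\...); droppers usually write the policy key.
DEFENDER_RTP_KEY = re.compile(
    r"\\SOFTWARE\\(?:Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection"
    r"\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)
# Documented Defender policy values; a non-zero DWORD turns the feature off.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
# Per-user (HKU\<SID>\...) and per-machine (HKLM\...) Run and RunOnce keys.
RUN_KEY = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\(?:Run|RunOnce)\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)
# Directories a dropped second stage is typically started from.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
# Sysmon renders DWORD data as "DWORD (0x00000001)".
DWORD = re.compile(r"DWORD \(0x(?P<hex>[0-9a-f]+)\)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    target: str
    details: str


def check_event(event: dict) -> list[Finding]:
    """Apply both rules to one EventID 13 record given as a dict of its fields."""
    findings = []
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    image = event.get("Image", "")

    m = DEFENDER_RTP_KEY.search(target)
    if m and m.group("value").lower() in DEFENDER_RTP_VALUES:
        d = DWORD.search(details)
        # Only a non-zero write disables protection; writing 0 re-enables it,
        # which Defender itself and admin tooling do legitimately.
        if d and int(d.group("hex"), 16) != 0:
            findings.append(Finding("defender_rtp_disabled", image, target, details))

    if RUN_KEY.search(target):
        rule = "run_key_persistence"
        # A Run entry pointing into a user-writable directory is the typical
        # dropper pattern and deserves a higher-severity rule name.
        if USER_WRITABLE.search(details):
            rule += "_user_writable_path"
        findings.append(Finding(rule, image, target, details))
    return findings


def scan(events) -> list[Finding]:
    """Run check_event over every EventID 13 record; other event IDs are skipped."""
    out = []
    for e in events:
        if str(e.get("EventID")) == "13":
            out.extend(check_event(e))
    return out


# Constructed Sysmon-style records (not real telemetry from this sample).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\admin\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\admin\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1234567890-1234567890-1234567890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\admin\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 12, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "Details": ""},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule}: {f.image} -> {f.target} = {f.details}")
```

The DWORD check matters in practice: Defender and legitimate management tools write these values too, so a rule that fires on any write to the Real-Time Protection key is noisy, while one that fires only on a non-zero write from an unexpected image (here, an executable under Temp) is the signal the "Modifies Windows Defender Real-time Protection settings" signature is capturing.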

MITRE ATT&CK Enterprise v15
