General

  • Target

    9ce78a92c5c2c7dc8c151fde5cd9b124faff9e8c391b1577b45414ac8dbd3dc6

  • Size

    1.2MB

  • Sample

    241109-xmscyssqaq

  • MD5

    635987bd42588308271d96ec3efe0b1e

  • SHA1

    1276360876ee33b3d7e4ba7dbc784edb527b861b

  • SHA256

    9ce78a92c5c2c7dc8c151fde5cd9b124faff9e8c391b1577b45414ac8dbd3dc6

  • SHA512

    4242c5146fcb042cbac3b02547217869b21c5e3670f6a8277fd3e02a4688e7c92af8cfa316eb732fcaa9b790c21f69c9ece021f863c8529c38b968196a8c06c8

  • SSDEEP

    24576:L0zwEbpelsnjkyfxpcP7kJxnSnF83PRiGBgy3rIgBQzbypT6bg6gO:L0zNUYjkCcPoJgK3ss+y4bN

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
