General

  • Target

    085a10ae75dacc576fbc84877fa7875d7a418aa74267d6c678e83933b9c418d2

  • Size

    1.1MB

  • Sample

    241109-xpff6ssqek

  • MD5

    eba56791b7d129daf9230e3bcb1ebe2a

  • SHA1

    19f26dbdbb20630cf539a646b8c0d3aff00f154a

  • SHA256

    085a10ae75dacc576fbc84877fa7875d7a418aa74267d6c678e83933b9c418d2

  • SHA512

    c0ce318390f60d55fc2996214b7819b585bda148ce3fef6e695173d6f3f82f40632cca8fff1250434acf09036ae852306e48f9a10533f6dc2f9e2a9318856fe7

  • SSDEEP

    24576:Ayyxn8eIlImBIw3bSUpwJ3wO5wc2NNhwgYHt:Hb+mB3Xwn5wbNNagI

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks