General

  • Target

    9fb4cda1ca0fabdf19d3700029171390e96cba0ad8a64ae99234984a3883d5d2

  • Size

    1.5MB

  • Sample

    241109-xppd3syret

  • MD5

    2d1b1a0bac53f7769d12c28a4be6fd99

  • SHA1

    99306962603925fdbdb3dd14fe5c2fe85324e9cb

  • SHA256

    9fb4cda1ca0fabdf19d3700029171390e96cba0ad8a64ae99234984a3883d5d2

  • SHA512

    96b0a34c0f72e9c6799ed000512d404712c4fd31c0a49bb4a5c969ae85f7181a5f2a5031d68118265533bc5f96a2a1d90548d353d16c1aff09210409680684d4

  • SSDEEP

    24576:QyStCma6oQvRd9M5zujtmhIwClzm1+cQZpL7WX2NqRf3rNvE:XSwX6D/92ujtmhpazd6XCivrN
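Before acting on this report, confirm that the file you hold is the same sample: compare its hashes against the values listed above. The following script is an added example, not part of the Triage report; the path in $SamplePath is an assumption and must be replaced with the location of your own copy.

```powershell
# Added example, not part of the Triage report: confirm a local copy of the sample
# matches the hashes listed in the General section before relying on the verdict.
# $SamplePath is an assumption; point it at the file you actually hold.
$SamplePath = 'C:\samples\9fb4cda1ca0fabdf19d3700029171390e96cba0ad8a64ae99234984a3883d5d2.bin'

# Expected values copied from the report. Comparison below is case-insensitive.
$Expected = @{
    MD5    = '2d1b1a0bac53f7769d12c28a4be6fd99'
    SHA1   = '99306962603925fdbdb3dd14fe5c2fe85324e9cb'
    SHA256 = '9fb4cda1ca0fabdf19d3700029171390e96cba0ad8a64ae99234984a3883d5d2'
    SHA512 = '96b0a34c0f72e9c6799ed000512d404712c4fd31c0a49bb4a5c969ae85f7181a5f2a5031d68118265533bc5f96a2a1d90548d353d16c1aff09210409680684d4'
}

function Test-SampleHashes {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][hashtable]$Expected
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Sample not found: $Path"
    }
    foreach ($algo in $Expected.Keys) {
        # Get-FileHash streams the file, so a 1.5 MB (or far larger) sample is fine.
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $algo).Hash
        [pscustomobject]@{
            Algorithm = $algo
            Expected  = $Expected[$algo]
            Actual    = $actual.ToLower()
            Match     = ($actual -ieq $Expected[$algo])
        }
    }
}

$results = Test-SampleHashes -Path $SamplePath -Expected $Expected
$results | Format-Table -AutoSize

# Any mismatch means you are not looking at the file this report describes.
if ($results.Match -contains $false) {
    Write-Warning 'Hash mismatch: this file is not the sample analysed in the report.'
}
```

Get-FileHash covers the four cryptographic digests but not SSDEEP; to compare the fuzzy hash above you need the separate ssdeep tool. A cryptographic mismatch with a high SSDEEP similarity score usually indicates a repacked or slightly modified variant rather than the exact sample analysed here.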

Malware Config

Targets

    • Target

      9fb4cda1ca0fabdf19d3700029171390e96cba0ad8a64ae99234984a3883d5d2

    • Size

      1.5MB

    • MD5

      2d1b1a0bac53f7769d12c28a4be6fd99

    • SHA1

      99306962603925fdbdb3dd14fe5c2fe85324e9cb

    • SHA256

      9fb4cda1ca0fabdf19d3700029171390e96cba0ad8a64ae99234984a3883d5d2

    • SHA512

      96b0a34c0f72e9c6799ed000512d404712c4fd31c0a49bb4a5c969ae85f7181a5f2a5031d68118265533bc5f96a2a1d90548d353d16c1aff09210409680684d4

    • SSDEEP

      24576:QyStCma6oQvRd9M5zujtmhIwClzm1+cQZpL7WX2NqRf3rNvE:XSwX6D/92ujtmhpazd6XCivrN

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
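Two of the behaviours flagged above, the change to Windows Defender Real-time Protection settings and the Run key added for persistence, leave registry traces an incident responder can look for on a suspected host. The script below is an added example written for this page, not part of the Triage report or its tooling. It checks the standard Defender real-time protection policy values and the common Run/RunOnce keys; the report does not state which specific values or key names this sample writes, so every value name and the "user-writable path" heuristic are assumptions, not indicators extracted from the sample.

```powershell
# Added example, not from the report or the Triage tooling: a host-side check for the
# two behaviours the report flags, Defender real-time protection being switched off
# and a Run-key autostart. Run from an elevated PowerShell on the host under review.
# The value names are the standard Defender policy values; the report does not say
# which ones this sample sets, so treat any non-zero value as suspect.

function Get-DefenderTamperFindings {
    $findings = @()
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
    $valueNames = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
                  'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable',
                  'DisableIOAVProtection'

    if (Test-Path $policyKey) {
        $props = Get-ItemProperty -Path $policyKey
        foreach ($name in $valueNames) {
            $v = $props.$name
            if ($null -ne $v -and $v -ne 0) {
                $findings += [pscustomobject]@{ Source = 'Policy'; Setting = $name; Value = $v }
            }
        }
    }

    # Effective state as Defender itself reports it (Defender module, Windows 8+ / Server 2012+).
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    if ($pref) {
        foreach ($name in 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring', 'DisableIOAVProtection') {
            if ($pref.$name) {
                $findings += [pscustomobject]@{ Source = 'MpPreference'; Setting = $name; Value = $pref.$name }
            }
        }
    }
    $findings
}

function Get-RunKeyEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Heuristic (an assumption, not from the report): autostarts launched from user-writable
    # paths deserve a closer look, since a dropped EXE usually lands in one of them.
    $userWritable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSChildName, ...
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $p.Value
                Suspicious = [bool]($p.Value -match $userWritable)
            }
        }
    }
}

Get-DefenderTamperFindings | Format-Table -AutoSize
Get-RunKeyEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Two caveats when using this on a real host: HKCU: in an elevated session is the administrator's hive, so to inspect the logged-on victim's Run key load that user's NTUSER.DAT or query HKU:\<SID> instead, and a clean result from Get-MpPreference does not prove Defender was never disabled, since the dropper may have restored the setting after the payload ran. Correlate with Defender operational event logs (Microsoft-Windows-Windows Defender/Operational) for the time window of the infection.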

MITRE ATT&CK Enterprise v15

Tasks