General

  • Target

    2630fcdad04ad0268b03d275b2858adf70de35e7b16f4480c01516ff56f0c4f6

  • Size

    920KB

  • Sample

    241109-xr7cnszjbv

  • MD5

    42851fd2767e257b0ac362d8877349cb

  • SHA1

    8621a95ef0467f623496dc16ef15e73de5af1ade

  • SHA256

    2630fcdad04ad0268b03d275b2858adf70de35e7b16f4480c01516ff56f0c4f6

  • SHA512

    76126461f60d4d1fb7b21d8ad7524597e4a609d536669a9ea8e59f6ca37df0abed5db4cd1325c40d7ef754ef8378a2a56f3b8d180e777532fc679688aa7a4f5c

  • SSDEEP

    24576:3yi9j9IlrlEbhQ6fkayKxrYNDbyiN7gcV:CiUrlEbW6aUEHV7

Malware Config

Targets

    • Target

      2630fcdad04ad0268b03d275b2858adf70de35e7b16f4480c01516ff56f0c4f6

    • Size

      920KB

    • MD5

      42851fd2767e257b0ac362d8877349cb

    • SHA1

      8621a95ef0467f623496dc16ef15e73de5af1ade

    • SHA256

      2630fcdad04ad0268b03d275b2858adf70de35e7b16f4480c01516ff56f0c4f6

    • SHA512

      76126461f60d4d1fb7b21d8ad7524597e4a609d536669a9ea8e59f6ca37df0abed5db4cd1325c40d7ef754ef8378a2a56f3b8d180e777532fc679688aa7a4f5c

    • SSDEEP

      24576:3yi9j9IlrlEbhQ6fkayKxrYNDbyiN7gcV:CiUrlEbW6aUEHV7

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks