General

  • Target

    48cc54454ee664fec813186a25ca1adb9c88b947dd31c0c21c448fcf203b1a71

  • Size

    725KB

  • Sample

    241109-xs4ceasrck

  • MD5

    33a8a6991ae8602c2fa2cd3726670b9f

  • SHA1

    60e60b071dd5bd5ad5ace284593cae3ae86ba361

  • SHA256

    48cc54454ee664fec813186a25ca1adb9c88b947dd31c0c21c448fcf203b1a71

  • SHA512

    3af78100837cdfc0bd2be5f9c582da7499a921b0db4458af682b9762520c54547165ad7d94ec3449dc92a0fef217d13709705bec2756e07c673ee071a1657a3c

  • SSDEEP

    12288:Sy90gVIo+8lvtGRdd8r6rIwjzwPSCOEoKUlEvKmsf:SyZV7BtRPSCOFK1Lg

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks