General

  • Target

    1810f579c8c1823aaf136459959318cfecdd2ebc143c228cb5db69aff9653682

  • Size

    480KB

  • Sample

    241109-xsfw4szfqb

  • MD5

    31ca8eca92aa92c48f9a08de51e0e610

  • SHA1

    7a507b6e458e2de3cbc9dd48052e4b8ce2d04b68

  • SHA256

    1810f579c8c1823aaf136459959318cfecdd2ebc143c228cb5db69aff9653682

  • SHA512

    90fc93f69bd9a1a7de3ae596d3b95078551dcc2a6afe007f9454bcc36eb617a29f8d0540894b48915de883a898886ed1c1d7e3e2dcaadfc4f46e823c3fa8b48a

  • SSDEEP

    12288:GMr1y908s8/EBcsoqTCh8wFliAdwa+aoY90IsH8:fy+82E0AdwarlsH8

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks