General

  • Target

    a1364913cd1c0e0bd5e1bf0f14056b558cb3d98d1d4d585315d85b695ad99b9b

  • Size

    1.1MB

  • Sample

    241109-xsj9jazfqd

  • MD5

    f06fed13d630223e163547ec07f40194

  • SHA1

    3744f0c0992933a218e64c32d2687eb71fdf98f4

  • SHA256

    a1364913cd1c0e0bd5e1bf0f14056b558cb3d98d1d4d585315d85b695ad99b9b

  • SHA512

    b3f1f78b5da80e0079dc60e0d63a20c2e7ca0c84845170164b85e55bd178ca80220ca258a7176cd09f7c88aa10c0220932dede523c4073df3d33fe4934ba5eb7

  • SSDEEP

    24576:xyOHCcOeMzJN4htDmka6wp8TGbdXkA+AUnF+bOCr0jYrdB:k2CcOeM34zpa6wGQ+A+MX0

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks