General

  • Target

    18b35fbf2a06293ca256d9b358a024d83487e1c5cbd2923529620b9c59f7e529

  • Size

    566KB

  • Sample

    241109-xspt1ssrbj

  • MD5

    52fed8c266e54c54661cba8683b7e84f

  • SHA1

    f1e69ef1e6fb630ceef2f92b0e36a98cface64c4

  • SHA256

    18b35fbf2a06293ca256d9b358a024d83487e1c5cbd2923529620b9c59f7e529

  • SHA512

    b0d4f46bbbd6c3667648a95e0b0fc60878cb2496cacafb2af9a1a0687b10006f6087f15a50c69d33db0e59b93ccca51d646f326f13b4f4c230690005ca04bceb

  • SSDEEP

    12288:ay90QjUiCtk5Vl0YzLqWK4g3Ks+3HwKxfht0R:ay732YnjK4g3j+3Hwkf30R

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks