General

  • Target

    26a1f35a1da183bfa87d517023921bfb6811806e48c7777bae97ffaf22a20ea1

  • Size

    706KB

  • Sample

    241109-xt26qszgmp

  • MD5

    4f74c5772ffae4a50a9d56a2e426fc58

  • SHA1

    9979c536414a0b25eed29641ca8569cae83741d4

  • SHA256

    26a1f35a1da183bfa87d517023921bfb6811806e48c7777bae97ffaf22a20ea1

  • SHA512

    605a3d26995cbc27e63a463012e0ba9d795aca6f86966afc7e3ee74213cfd557a883c2f909ec3cadbbf939c614d13cb557aedd8436581e30984c0b702a340447

  • SSDEEP

    12288:Ky90E2S4dQgA1bUnXMCfAIHDskgXHPZeXwX5xJ7hxeGu9Dj/N3iFh7r:Kya1QMdXDsHHkwX5xJl/udj/Bi7r

Malware Config

Targets

    • Target

      26a1f35a1da183bfa87d517023921bfb6811806e48c7777bae97ffaf22a20ea1


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
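The two behavioural signatures above, "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application", are both registry writes, so they can be checked from sandbox registry events. The following is an added example for this page, not code from the sandbox or from the Healer or RedLine samples; the event lines are constructed to illustrate the two behaviours (the report does not list the exact registry writes this sample performed), the Defender value names are the real-time protection policy values Defender honours, and the ATT&CK technique mapping is my own rather than the report's.

```python
"""Detection logic for the two registry behaviours named by the report's signatures.

Added example, not code from the sandbox or the samples. SAMPLE_EVENTS is
constructed for illustration and is not a record of this sample's activity.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Defender's policy key for real-time protection, compared case-insensitively.
DEFENDER_RTP_KEY = r"hklm\software\policies\microsoft\windows defender\real-time protection"

# Policy values that, when set to 1, switch off parts of real-time protection.
DEFENDER_TAMPER_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableioavprotection",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
}

# Autostart keys behind the "Adds Run key" signature (either hive).
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)

# Rule name -> ATT&CK Enterprise technique (mapping assumed here, not from the report).
ATTACK = {
    "defender_rtp_tamper": "T1562.001",  # Impair Defenses: Disable or Modify Tools
    "run_key_persistence": "T1547.001",  # Boot or Logon Autostart Execution: Registry Run Keys
}

# Constructed sandbox-style events: "<pid> SetValue <key>\<value> = <data>".
SAMPLE_EVENTS = [
    r"1234 SetValue HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 1",
    r"1234 SetValue HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = 1",
    r"1234 SetValue HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = 1",
    r"5678 SetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Users\user\AppData\Local\Temp\updater.exe",
    r"5678 SetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden = 1",
    r"9999 SetValue HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 0",
]

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+SetValue\s+(?P<path>.+?)\s+=\s+(?P<data>.*)$")


def parse_event(line: str) -> Optional[dict]:
    """Split one event line into pid, key path, value name and data."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    key, _, value = m.group("path").rpartition("\\")
    return {"pid": int(m.group("pid")), "key": key, "value": value, "data": m.group("data").strip()}


def classify(event: dict) -> Optional[str]:
    """Return the rule an event triggers, or None for writes neither rule covers."""
    key = event["key"].lower()
    value = event["value"].lower()
    # Only a write of 1 disables protection; a write of 0 re-enables it and is not tampering.
    if key == DEFENDER_RTP_KEY and value in DEFENDER_TAMPER_VALUES and event["data"] == "1":
        return "defender_rtp_tamper"
    if any(key.endswith(suffix) for suffix in RUN_KEY_SUFFIXES):
        return "run_key_persistence"
    return None


def analyze(lines: List[str]) -> List[dict]:
    """Run every event through the rules and collect findings tagged with ATT&CK IDs."""
    findings = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        rule = classify(event)
        if rule:
            findings.append({**event, "rule": rule, "technique": ATTACK[rule]})
    return findings


def rules_by_pid(findings: List[dict]) -> Dict[int, Set[str]]:
    """Group triggered rules per process, the first view a triage analyst wants."""
    grouped: Dict[int, Set[str]] = defaultdict(set)
    for f in findings:
        grouped[f["pid"]].add(f["rule"])
    return dict(grouped)


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"pid {f['pid']}: {f['rule']} ({f['technique']}) {f['key']}\\{f['value']} = {f['data']}")
```

Matching on the Defender policy key requires the value data to be 1, so a later write of 0 (which restores protection) is not reported as tampering; the Run-key rule fires on any value written under Run or RunOnce in either hive, which is the behaviour the "Adds Run key to start application" signature describes.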

MITRE ATT&CK Enterprise v15

Tasks