General

  • Target: ca44db0fc91f6ab22dc1490bce6749a42f124c089a08fe387a9d56b806840c7f
  • Size: 694KB
  • Sample: 241109-xt7q8azgmr
  • MD5: eee6a1273685411ab5ece61c3384d003
  • SHA1: efc9c732ab2f0dd4b742d907b9f4f12614e31849
  • SHA256: ca44db0fc91f6ab22dc1490bce6749a42f124c089a08fe387a9d56b806840c7f
  • SHA512: 823e3bbf2c31aa8321483935fba24804f8868e64caa232340eef3f329b58ff7df0c3bc60c0f194123183288bb9af037e881575d09295d81d29b33b4d3ed279db
  • SSDEEP: 12288:ly90FkQXDkwbfcLIdBS7FTzOA7+/jPW16F+18beKMA+KeaxUh:lywk3wboF+A7p6F+18berVSUh

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks