General

  • Target

    fae128cca9757c64220cc2e7dec9bf1a8af2db0f4af2331386071b4421c6e006

  • Size

    923KB

  • Sample

    241109-y2a8natqck

  • MD5

    5e741757cfe52c3898ad2aa44e9f531c

  • SHA1

    2fca5fa71e7fc63f9cb57ba5f3ba31c50ab11359

  • SHA256

    fae128cca9757c64220cc2e7dec9bf1a8af2db0f4af2331386071b4421c6e006

  • SHA512

    cea3dc9db09ca7549dca698341149867e9fad3652bc8d74a66802fbfad5a49c9c68d09edecb22ea339224bd546a64b53c84ee3de80a5bbd598ec0c87401fa464

  • SSDEEP

    24576:my6VTcX7yD35nbLqD7fD0HRRsVyiwD9RnI:1PryDJnXqHfDAsVM9R

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks