General

  • Target

    73985f58d571ab44193b6cbff37b00c1bfd16f04cd8242208a1cb99b37c09dec

  • Size

    827KB

  • Sample

    241109-y6737atren

  • MD5

    5d0a111889ba5d37738afea21fd932a2

  • SHA1

    e300a8b040eff3ddd18605a5ba9a795dae606577

  • SHA256

    73985f58d571ab44193b6cbff37b00c1bfd16f04cd8242208a1cb99b37c09dec

  • SHA512

    b5f1591afa17e9b3ec6b38d912f11f58678480bec21588289dde7ed247c5cf0c7609afe993f9327e4423573457e33345963ce8484ebe469590d393be91faf11d

  • SSDEEP

    12288:cy90cQs6uszaQJtkVRfOqXHqHZezQo67XqMqHmtI1MwplOMKF:cy1QsYoVRf9CesZXemtSP2F

Malware Config

Targets

    • Target

      73985f58d571ab44193b6cbff37b00c1bfd16f04cd8242208a1cb99b37c09dec (827KB; the same file whose MD5, SHA1, SHA256, SHA512 and SSDEEP are listed under General)

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper: it turns off Windows Defender protections before dropping and running its payload.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds a Run key to start the application at logon
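The three registry-related behaviours above (Defender Real-time Protection tampering, the broader Windows security modification, and Run-key persistence) are the kind that a sandbox or an EDR derives from registry-write telemetry. The following detector is an added example, not part of this report or of any sandbox's own signature code. It assumes Sysmon Event ID 13 (RegistryEvent, value set) style records with a process image, a TargetObject path that ends in the value name, and Details formatted the way Sysmon prints them (e.g. `DWORD (0x00000001)`). The events, process names and SID are constructed for the demonstration and are not taken from the sample.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Policy keys that Healer-class droppers write to before running their payload.
# Value names are the Defender policy values; a DWORD of 1 means "disabled".
DEFENDER_POLICY_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
DEFENDER_RTP_KEY = DEFENDER_POLICY_KEY + r"\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
DEFENDER_POLICY_VALUES = {"DisableAntiSpyware", "DisableAntiVirus"}

# Autostart locations behind the "Adds a Run key" signature (HKLM or any HKU hive).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class RegEvent:
    image: str    # process that performed the write (Sysmon "Image")
    target: str   # full registry path including value name (Sysmon "TargetObject")
    details: str  # data written, as Sysmon renders it (Sysmon "Details")


def dword_value(details):
    """Parse Sysmon's 'DWORD (0x00000001)' rendering; None for non-DWORD data."""
    m = re.search(r"DWORD\s*\(0x([0-9a-fA-F]{8})\)", details)
    return int(m.group(1), 16) if m else None


def classify(ev):
    """Map one registry-set event to a behaviour label, or None if benign."""
    key, _, value_name = ev.target.rpartition("\\")
    key_l = key.lower()
    if key_l == DEFENDER_RTP_KEY.lower() and value_name in DEFENDER_RTP_VALUES:
        # Only a write of 1 disables protection; writing 0 re-enables it.
        if dword_value(ev.details) == 1:
            return "defender_rtp_disabled"
    if key_l == DEFENDER_POLICY_KEY.lower() and value_name in DEFENDER_POLICY_VALUES:
        if dword_value(ev.details) == 1:
            return "windows_security_modification"
    if RUN_KEY_RE.search(ev.target):
        return "run_key_persistence"
    return None


def detect(events):
    """Return (label, image, target) for every event that matches a behaviour."""
    out = []
    for ev in events:
        label = classify(ev)
        if label:
            out.append((label, ev.image, ev.target))
    return out


def summarize(events):
    """Count of each behaviour label, the shape a report's signature list has."""
    return dict(Counter(label for label, _, _ in detect(events)))


# Constructed events (hypothetical paths, names and SID), not telemetry from the sample.
SAMPLE_EVENTS = [
    RegEvent(r"C:\Users\user\AppData\Local\Temp\dropper.exe",
             DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring", "DWORD (0x00000001)"),
    RegEvent(r"C:\Users\user\AppData\Local\Temp\dropper.exe",
             DEFENDER_RTP_KEY + r"\DisableBehaviorMonitoring", "DWORD (0x00000001)"),
    RegEvent(r"C:\Users\user\AppData\Local\Temp\dropper.exe",
             DEFENDER_POLICY_KEY + r"\DisableAntiSpyware", "DWORD (0x00000001)"),
    # An admin re-enabling protection writes 0 and must not be flagged.
    RegEvent(r"C:\Windows\System32\reg.exe",
             DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring", "DWORD (0x00000000)"),
    RegEvent(r"C:\Users\user\AppData\Local\Temp\payload.exe",
             r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
             r"C:\Users\user\AppData\Roaming\Updater\payload.exe"),
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
    print(summarize(SAMPLE_EVENTS))
```

Run-key writes are also performed by legitimate installers, so in triage the `run_key_persistence` hit is only interesting together with the image path (here a Temp-resident executable) and the "Executes dropped EXE" behaviour; the Defender policy writes, by contrast, are rarely legitimate outside managed deployments and are worth alerting on by themselves.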

MITRE ATT&CK Enterprise v15
