General

  • Target

    4af9f2cd2b112142c04539ca78fab49fd73930fb22b2a022b6e1f542f4ba94eb

  • Size

    1000KB

  • Sample

    241109-y8qxpa1hka

  • MD5

    e7d7e321344a60bd7f8f9e9f9655a4a3

  • SHA1

    6236b8372c752844188a1f1a2ce2fb34bf8548c4

  • SHA256

    4af9f2cd2b112142c04539ca78fab49fd73930fb22b2a022b6e1f542f4ba94eb

  • SHA512

    f8afc1ebd5ef6de605c63a4eda5f25e22d285998c815c2976dea6a3912513262ff2392d107edb3ae6677e06fae8006806a4d878a782f30bc006657c814cf4517

  • SSDEEP

    24576:BTLrvnFOPYjIA0NCw+J3Hl+yV5vCoyvIc5zlYWSSpb:prvFqYjbfJV+QvCoyZzt9p

Malware Config

Targets

    • Target

      4af9f2cd2b112142c04539ca78fab49fd73930fb22b2a022b6e1f542f4ba94eb

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks