General

  • Target

    3f75993b08d25404158dd7bb6d0ecc54ef057923105e39800f5b60f1793c9946

  • Size

    704KB

  • Sample

    241109-za474a1hmq

  • MD5

    3ee0b87db42039bb780222af37ff6ea0

  • SHA1

    cd92b6a8b1c9e244c2b6ded813b14a0dc66375af

  • SHA256

    3f75993b08d25404158dd7bb6d0ecc54ef057923105e39800f5b60f1793c9946

  • SHA512

    31298474eb864774c500fbb1858c1fefa93cbdb49deff85e554b0de416b378ed2e62e11ce375d674e25420f890a5620adf0f2c87f6264683273a7568c8c281fd

  • SSDEEP

    12288:7y90p7q977L4vvc/D+5uXBV1l3MKX/cmaA5+w12Vd0Dw:7yn9nL4vvcbkuTDMKPczA8y2VaDw

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks