General

  • Target

    3628b64c015f00290ecf7b988ea4e988bf02a094e847339cdd246c9f67919062

  • Size

    562KB

  • Sample

    241110-a4rfnawcje

  • MD5

    581977ff135a734b1525eaa3460ea3cc

  • SHA1

    a8e22e347753d606a94cbde2509f4fc8f798f5b9

  • SHA256

    3628b64c015f00290ecf7b988ea4e988bf02a094e847339cdd246c9f67919062

  • SHA512

    a80a34e62d59b998ecdfb969d24d518a18a163f588bbfe2bdf683259a05c66d3727d17baed1bf47839231b95bc9c2236cdd5b15b297eedb960ee1b9ba599aa63

  • SSDEEP

    6144:2Gp0yN90QEakO/9hfByP05XAEgLpNVdBJaVZSGREdjj368HTQ1QEuMSzbwfeQpzh:6y90QBxgfBgncjLEubMSzbMpTKwTENW

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks