General

  • Target

    fc7a1b408b7bfa2f85e50079be81c33a691e8b8687ac5364408705230284dd58

  • Size

    922KB

  • Sample

    241110-a4y6havnax

  • MD5

    6d53b1a341c8be2a4e6e4d99b1cf2609

  • SHA1

    ca982695f69c604beae79a6f746bba0c585c8e44

  • SHA256

    fc7a1b408b7bfa2f85e50079be81c33a691e8b8687ac5364408705230284dd58

  • SHA512

    43ddb645db19124c0e3492bb135b50321c8ec63dd245aa8ae690a90215dbfeb8abdf63272110eff0a9af7f57b7158d41227bbd871066b287e7178b391398f074

  • SSDEEP

    12288:Ey900j92KCAr7s111nkDVpP5qoBlPnTqHRxIq75Vn8J09kT8EmFgodAdHGAI5MuX:EycKV70nWDoalPTWxIqI1mWodV5MOs0

Malware Config

Targets

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks