General

  • Target

    93419aa47139b6ee4c3700df05dbff8266f109da7300d5c4925a3357cbef0f69

  • Size

    707KB

  • Sample

    241110-a5cnwsymap

  • MD5

    92ab6bdebb41cdd905f83c427c172362

  • SHA1

    6f84f7cd218d06f3cd9086d33d7dcd974b5bfb11

  • SHA256

    93419aa47139b6ee4c3700df05dbff8266f109da7300d5c4925a3357cbef0f69

  • SHA512

    3dbb6d4d5366dce297bc4bf97ce0c0a9600db0aa5bd0cde78db0c857b5b77698ea8f2393fa545e92530cafa5efc7c2b3c747b1f7e246012cc5eeb9629d7006d0

  • SSDEEP

    12288:Ry90aGeHXLdFWxQWeYXxGF/7lc3mCU3GkKyTdnQsmDXSpAxlb19OlS8bZ0+TU:RyfGWX7obX8/Bc3mR3GBuQzig19OlS8m

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
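
The signatures above name two registry behaviours (disabling Windows Defender real-time protection and adding a Run key) plus dropped-EXE execution. The following Python is an added example, not code from the sandbox report or from the Healer/RedLine samples: it applies detection logic for those behaviours to constructed Sysmon Event ID 13 (registry value set) records and matches file hashes against the IOCs listed in the report. The Defender policy key path, the value names and the Run key path are the real registry locations; the log-line format, process paths and value data are constructed for illustration.

```python
"""Added example (not from the report): flag Defender real-time protection
tampering and Run-key persistence in Sysmon EID 13 records, and match
hashes against the report's IOCs. Log lines and paths are constructed."""
import hashlib
import re

# IOC hashes copied from the report (MD5, SHA1, SHA256), lower-case hex.
IOC_HASHES = {
    "92ab6bdebb41cdd905f83c427c172362",
    "6f84f7cd218d06f3cd9086d33d7dcd974b5bfb11",
    "93419aa47139b6ee4c3700df05dbff8266f109da7300d5c4925a3357cbef0f69",
}

# Real Defender policy key (under HKLM\SOFTWARE\Policies) and the value names
# that switch off real-time protection components when set to DWORD 1.
DEFENDER_RTP_KEY = r"\Microsoft\Windows Defender\Real-Time Protection".lower()
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
# Real per-user / per-machine autostart key (HKCU or HKLM prefix).
RUN_KEY = r"\Microsoft\Windows\CurrentVersion\Run".lower()

# Constructed Sysmon-style records in a simple key="value" layout.
SAMPLE_EVENTS = [
    r'EventID="13" Image="C:\Users\victim\AppData\Local\Temp\dropped.exe" '
    r'TargetObject="HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring" '
    r'Details="DWORD (0x00000001)"',
    r'EventID="13" Image="C:\Users\victim\AppData\Local\Temp\dropped.exe" '
    r'TargetObject="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater" '
    r'Details="C:\Users\victim\AppData\Roaming\updater.exe"',
    # Benign: Explorer writing its own UI setting.
    r'EventID="13" Image="C:\Windows\explorer.exe" '
    r'TargetObject="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden" '
    r'Details="DWORD (0x00000002)"',
    # Benign: same Defender value but being set back to 0 (re-enabled).
    r'EventID="13" Image="C:\Program Files\Windows Defender\MsMpEng.exe" '
    r'TargetObject="HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring" '
    r'Details="DWORD (0x00000000)"',
]

_FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_sysmon13(line):
    """Parse one constructed key="value" record into a dict."""
    return dict(_FIELD_RE.findall(line))


def classify(event):
    """Return an alert name for a registry-set event, or None if benign."""
    if event.get("EventID") != "13":
        return None
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    key, _, value_name = target.rpartition("\\")
    key = key.lower()
    # Defender tampering: a Disable* value under Real-Time Protection set to 1.
    if (key.endswith(DEFENDER_RTP_KEY)
            and value_name in DEFENDER_RTP_VALUES
            and details.upper().endswith("(0X00000001)")):
        return "defender_rtp_disabled"
    # Persistence: any value written directly under ...\CurrentVersion\Run.
    if key.endswith(RUN_KEY):
        return "run_key_persistence"
    return None


def scan(lines):
    """Run classify() over raw lines; return (alert, image, target) tuples."""
    alerts = []
    for line in lines:
        ev = parse_sysmon13(line)
        alert = classify(ev)
        if alert:
            alerts.append((alert, ev.get("Image", ""), ev.get("TargetObject", "")))
    return alerts


def hash_is_ioc(hexdigest):
    """True if a hex digest (any case) matches one of the report's hashes."""
    return hexdigest.strip().lower() in IOC_HASHES


def file_matches_ioc(data):
    """Hash raw file bytes with MD5/SHA1/SHA256 and check each against IOCs."""
    return any(hash_is_ioc(hashlib.new(alg, data).hexdigest())
               for alg in ("md5", "sha1", "sha256"))


if __name__ == "__main__":
    for alert, image, target in scan(SAMPLE_EVENTS):
        print(f"{alert}: {image} -> {target}")
```

The Defender rule deliberately requires the value data to be 1 so that a product or administrator re-enabling protection (value 0) does not fire; the Run-key rule fires on any write because legitimate installers writing there are rare enough to review by hand, and the writing process path is returned so the analyst can tie it back to the dropped EXE.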

MITRE ATT&CK Enterprise v15

Tasks