General

  • Target

    6df258d780c728ca060dc16da8f830cb5a989187d38bc99a74597df9d25ef1dd

  • Size

    706KB

  • Sample

    241110-a5wf1awckf

  • MD5

    5891586f4b6bf5eed5dd495933c54865

  • SHA1

    c9a950af3c583e0be7bd6bb5d52b75039638bf91

  • SHA256

    6df258d780c728ca060dc16da8f830cb5a989187d38bc99a74597df9d25ef1dd

  • SHA512

    725f6ba9c97c70588d415cbe3c46e7ee05a5088232b38460f8d7981d1e25e7df09b036ecb786332ff3e1580e0fd1c1f8c7b8fe4ca3b600893d61b82899f0a775

  • SSDEEP

    12288:ry903iywpzwi2pRHcm44UvNXtEXqIY6zhlyoH5Gw5wqd6OZo:ryWKpzwHcm4bVdrElzZGw+qUOZo

Malware Config

Targets

    • Target

      6df258d780c728ca060dc16da8f830cb5a989187d38bc99a74597df9d25ef1dd

    • Size

      706KB

    • MD5

      5891586f4b6bf5eed5dd495933c54865

    • SHA1

      c9a950af3c583e0be7bd6bb5d52b75039638bf91

    • SHA256

      6df258d780c728ca060dc16da8f830cb5a989187d38bc99a74597df9d25ef1dd

    • SHA512

      725f6ba9c97c70588d415cbe3c46e7ee05a5088232b38460f8d7981d1e25e7df09b036ecb786332ff3e1580e0fd1c1f8c7b8fe4ca3b600893d61b82899f0a775

    • SSDEEP

      12288:ry903iywpzwi2pRHcm44UvNXtEXqIY6zhlyoH5Gw5wqd6OZo:ryWKpzwHcm4bVdrElzZGw+qUOZo

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks