General

  • Target

    cff5f633643d6139a8b936d01681b4bf2f850586a3c862dc000469f147294d61

  • Size

    727KB

  • Sample

    241110-a68gyswbnn

  • MD5

    c9ed0ada7f9607474089c15c94b4d822

  • SHA1

    32242608710c882fb8f819fde7f97d629713d622

  • SHA256

    cff5f633643d6139a8b936d01681b4bf2f850586a3c862dc000469f147294d61

  • SHA512

    236d747cbdace6bf8039f783ac27db2e547b6d9f82125401e7e3e1d632a40d08b70228f40bf12f965ea302a70ca45ae2269cd85d91c5c9743106d1228046bcc9

  • SSDEEP

    12288:Jy90lIsfM1z2yEU06edw82h1IfRTeiiubAH9mZUtbuPnI6NatD:JylsfAz2b/12h1I1QueLUI6NM

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks