General

  • Target

    56160d602c873c42095b5f6b10e176e91203ae709ab84b96d6f46f0e42ab54f8

  • Size

    696KB

  • Sample

    241110-a6k2naymcl

  • MD5

    292a9fc1517348b1f3a1df869fc11743

  • SHA1

    7d349379dae97a75adb5d858baa91c9164de7b15

  • SHA256

    56160d602c873c42095b5f6b10e176e91203ae709ab84b96d6f46f0e42ab54f8

  • SHA512

    b6542b6de93432003e2b5ec22935b7382ce3047054353d091a651fdda894c942999a98a9bfd3b6edeb0033ff4a4bbb7002c56cb68089e328a1c2290ddcf45f75

  • SSDEEP

    12288:2y90lEYQ52FYIJqJLTjbCzIzGGcaL6KpLCSGjJU:2yclJonbUujcadUjJU

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks