General

  • Target

    ce1a0498e9fb2dad6067a89ddcf0f8fd7cd9e751ee920bb2c37f841ee83ecb18

  • Size

    707KB

  • Sample

    241110-a6mkgswbmr

  • MD5

    c558000359f699ceff74dcb90772d7a5

  • SHA1

    ce3d1299f09eb48f4e7c06a35839f038b4eb2d16

  • SHA256

    ce1a0498e9fb2dad6067a89ddcf0f8fd7cd9e751ee920bb2c37f841ee83ecb18

  • SHA512

    0834b74d7a2f7b5388f6d1553daf30bc4d612ad0d6ce74d188cb129d446297a819e3c95aff01a887f5709477c0ddc8d3c6fb5ae23de7cb19d5aecdc178cc752b

  • SSDEEP

    12288:Dy90oKkw6WDVB1D3SOh7Uid8dCJa+KXNaS2dnvYmdVaKAlJKZu:DybPy31D3SOqikCJYgLvBgFR

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks