General

  • Target

    c0f43aaaf754dbfa0adf54669e3c9cf6d19dccc4288c06421b509a85e4e03173

  • Size

    706KB

  • Sample

    241110-a7abjsvney

  • MD5

    6a19be1c31bab5210817b160f78c7495

  • SHA1

    dbeac727c7bb3a69a526f0be6027add3de6e0f4c

  • SHA256

    c0f43aaaf754dbfa0adf54669e3c9cf6d19dccc4288c06421b509a85e4e03173

  • SHA512

    fc37b502d07b64a5df537b2ea90280a1e4394de2b5663ceab5f8822e0f5152b9d08163e72c25d8766a142392a6d591a40b1ea759acd5db6bdb799ba6c701cc6a

  • SSDEEP

    12288:/y90R82TGdO8Nz6aJV2N3yx0ngrCiU3O7SGEniKAUQIpkJ:/yK6O8BpJV2F8U3AKZARJ

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks