General

  • Target

    ee39b370d027abb7b4bcc306e0174a107caece346ef159521835e1aeb53337d4

  • Size

    806KB

  • Sample

    241110-asd17avhlj

  • MD5

    37b408c977fb75c82810a777312c8a60

  • SHA1

    5679b67a68a9be3277f733bb9c2e8a7ac3cd5322

  • SHA256

    ee39b370d027abb7b4bcc306e0174a107caece346ef159521835e1aeb53337d4

  • SHA512

    434d225700393ef7dae29c2da87c219f630251215485cc51a91696b9dbb7caa9df80267fa1e5a7c119ab592b1b297ae6b9569927c78b076063d4778e5f9caa12

  • SSDEEP

    12288:hy9021D85W5dyshIVstGbTKAyah1fBl4cmpcXWRQPVhUYOz7LQxEYybrL:hy/nmQFtGaa1pecmpwWRiUY67LHY4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
