General

  • Target

    3e18b1a704d0e58707902e3b93a9b71969bfc94738a3815b21ee06cf51ef4e84

  • Size

    1.2MB

  • Sample

    241110-avbzlsvhnr

  • MD5

    e74da4dda638ae17c78b9471054d1d41

  • SHA1

    fb8304c7a8c7b576797bf1fd18fc6809dc0ac494

  • SHA256

    3e18b1a704d0e58707902e3b93a9b71969bfc94738a3815b21ee06cf51ef4e84

  • SHA512

    a6d4336b6148613818dd8687de9b1be9fe1749ba429c983fd59126556e07c298f1106f7e38f6ef26b6219ca0da49034cc3382790761d938270c4fba6ca7e90fb

  • SSDEEP

    24576:OYAVCfN05jEKvD1eqB6QLUIHZinS07gPUSko5622+s:OY1NsVN654ZiE1ko5Q+

Malware Config

Targets

    • Target

      3e18b1a704d0e58707902e3b93a9b71969bfc94738a3815b21ee06cf51ef4e84

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks