General

  • Target

    c2394eef039ba2aeb35cab21a2dec2d0d8ba24638db5f3e589b321252e96b0c9

  • Size

    966KB

  • Sample

    241110-b3hmsswgpp

  • MD5

    adc417abf285395573bf8cdeb68c3dd2

  • SHA1

    2a382c5fd41a4ba8ed78149cc2b75a78068ac6e1

  • SHA256

    c2394eef039ba2aeb35cab21a2dec2d0d8ba24638db5f3e589b321252e96b0c9

  • SHA512

    41016fc862ffdeba40219fb561c60532e7f8a5213214fa7c9d2be518a71e6a2b8df3706dddbb2f2eac85c2e6c6006a56794de8e6ff20562f6dd181b7ab1ff626

  • SSDEEP

    12288:sy90l52EO17cdeIIwGSuSfZZh/QaraOe968E0v8Zu5fZYsi4xumAa1bqzQsqvYu:syYVeIIwGNSRP/9rxV3upUFraWXu

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks