General

  • Target

    d5b9f9b52c0d5981b3b2d4127f9e265a69120746b0d9b841715a6beeb497606a

  • Size

    569KB

  • Sample

    241110-b3lpfswgpq

  • MD5

    d638992d0105a5c94f2f88e541fc134a

  • SHA1

    3f31a3d351e6d4becf98e69f01599cada1dbb91f

  • SHA256

    d5b9f9b52c0d5981b3b2d4127f9e265a69120746b0d9b841715a6beeb497606a

  • SHA512

    373d2946078cacbc14d15ae555ed900fce01bfadb75cd8d150f4dbb8edfa3b0658564a59b900f4a5a868de4707b02e5a1c4f6d659ffdcd3d5798341eb702503b

  • SSDEEP

    12288:hy90D6n8EI6r+SEHV4zM5TV6xE9JSOdL86/eQ850zeBpjwk7eYR:hyM6n8EI2U4o5TwEP5zOj5wIeYR

Malware Config

Targets

    • Target

      d5b9f9b52c0d5981b3b2d4127f9e265a69120746b0d9b841715a6beeb497606a

    • Size

      569KB

    • MD5

      d638992d0105a5c94f2f88e541fc134a

    • SHA1

      3f31a3d351e6d4becf98e69f01599cada1dbb91f

    • SHA256

      d5b9f9b52c0d5981b3b2d4127f9e265a69120746b0d9b841715a6beeb497606a

    • SHA512

      373d2946078cacbc14d15ae555ed900fce01bfadb75cd8d150f4dbb8edfa3b0658564a59b900f4a5a868de4707b02e5a1c4f6d659ffdcd3d5798341eb702503b

    • SSDEEP

      12288:hy90D6n8EI6r+SEHV4zM5TV6xE9JSOdL86/eQ850zeBpjwk7eYR:hyM6n8EI2U4o5TwEP5zOj5wIeYR

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks