General

  • Target

    f956e2bd7187f8a2882939d999954d2319b8d3134ad038d8fca437582ab0801f

  • Size

    1.0MB

  • Sample

    241110-b4hzysxanh

  • MD5

    73027f8d9a6ff64c87c429cd07c47244

  • SHA1

    240810cc531ce32fbe64c10bc3dd99ccea7d7cc0

  • SHA256

    f956e2bd7187f8a2882939d999954d2319b8d3134ad038d8fca437582ab0801f

  • SHA512

    bd5e8be9016059524b32ebf364b8c0cda20849da35ba38d53e033b624ed5b28387b6c85a9e59c473600703f421f8e12e6c44e2e70ab967acb8293c325e216eab

  • SSDEEP

    24576:uygcF+4H/Do1xUjeTl/hYFlYe0p5f6tx1heHZcquSgoVry7S0U5:9bFBH/yTRyF5UxKveHZcquSx+

Malware Config

Targets

    • Target

      f956e2bd7187f8a2882939d999954d2319b8d3134ad038d8fca437582ab0801f

    • Size

      1.0MB

    • MD5

      73027f8d9a6ff64c87c429cd07c47244

    • SHA1

      240810cc531ce32fbe64c10bc3dd99ccea7d7cc0

    • SHA256

      f956e2bd7187f8a2882939d999954d2319b8d3134ad038d8fca437582ab0801f

    • SHA512

      bd5e8be9016059524b32ebf364b8c0cda20849da35ba38d53e033b624ed5b28387b6c85a9e59c473600703f421f8e12e6c44e2e70ab967acb8293c325e216eab

    • SSDEEP

      24576:uygcF+4H/Do1xUjeTl/hYFlYe0p5f6tx1heHZcquSgoVry7S0U5:9bFBH/yTRyF5UxKveHZcquSx+

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks