General

  • Target

    8034c6a337c98b04d080a240b0b5e2789c6b743e557d03846192cf70346575abN

  • Size

    704KB

  • Sample

    241110-b5ry9axaqd

  • MD5

    cdf57a059d7cf4fc20119f6230635bc0

  • SHA1

    116507d84649915cf508018ab4741b7243b87ff8

  • SHA256

    8034c6a337c98b04d080a240b0b5e2789c6b743e557d03846192cf70346575ab

  • SHA512

    40abbb36d0326299fb29aa99aa33486f0b2a33b6791de5a6ebb5cadcd4174a2978a19b7a794fdff4a8c11c13edb52b4c5e6cc1a0e21e98007dbfb7fcc43d027a

  • SSDEEP

    12288:hy90jTdrpTRG6Vnk9KQLgTCkqvGcDmBiIkEiI33CI1IzCK5IzJM+o/KOIvhu4Ww:hy8hrpTE6VnVQMvqOcOiIXN3rU35IlJ9

Malware Config

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks