General

  • Target

    cfa8061d81b20ebde3ff08a95311c6a3ab311f8fd89963dd0f62b733077c83a9

  • Size

    611KB

  • Sample

    241110-b5wx7sxaqf

  • MD5

    057e3f9865bf1eb0151ab3a472b61a48

  • SHA1

    59950e90ecd85dcf5aa389c0125cd16f33dc1b4b

  • SHA256

    cfa8061d81b20ebde3ff08a95311c6a3ab311f8fd89963dd0f62b733077c83a9

  • SHA512

    9389b2f4fc0a5706ed551ea13eaf7c34f8913768e744e0fb6bb1730ee1e11f91a74949cd89756126e5828c118d4a62de724170011049b8eb0bc8feccf5432701

  • SSDEEP

    12288:my90epyVocMsESHsrT7wwpMrYwq2CxjweEVdRItIeYu3:myeVVMsES2MSMr5Ixj+YYC

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks