General

  • Target

    1e7abcdf7bba9dba7555b7db59997ebd962e44368ff0284bcffe846463f5750e

  • Size

    966KB

  • Sample

    241110-b6kxbsxbjc

  • MD5

    cc3c43f6e8a28c1fd4afce578bed9e3e

  • SHA1

    8669e49b13216db9a505855ee2b137d6b9915ab5

  • SHA256

    1e7abcdf7bba9dba7555b7db59997ebd962e44368ff0284bcffe846463f5750e

  • SHA512

    ae9f3415d444cd1c3adbdc4fd128a63604ac624d099e4e155f864fe500ba941742620b02717464e2a484b87d2f1b4bc6c8b6a34c37307690d9c58d4ee82e1a44

  • SSDEEP

    24576:iyQgBbEfQvUIx3JE1VhNrtTc/W3GC7+w8wbi:JFEfQq1vN6/nC7+0

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks