General

  • Target

    15408ae01298c48512aefc729057db358d60e6ae88c129d02b96a77a6aacf2f7

  • Size

    563KB

  • Sample

    241110-b7gw3awlgt

  • MD5

    331c40972e91530dc0d9dd059f486652

  • SHA1

    fd1a9b79f07a913b03c79ecb06f1f4a309f65c23

  • SHA256

    15408ae01298c48512aefc729057db358d60e6ae88c129d02b96a77a6aacf2f7

  • SHA512

    3bda006efef859833d640386ba8df6c065fb7337c1f861d948e0d805d6d5cd23ac08bfec0dadfed3495a126a95e49e8967e3330d99e5d08642ebfa8cccf106e4

  • SSDEEP

    12288:Jy90yQH8rkJ6VeI+HXzbOVG2qLoYnIS7XWdxyghM:JyJQH8w8wqqkYI80xs

Targets

    • Target

      15408ae01298c48512aefc729057db358d60e6ae88c129d02b96a77a6aacf2f7

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
