General

  • Target

    f7fb39ad2047e38cb85941a18c46ab5de639ba2e1f42d3b77ab07ec8dbb3c283

  • Size

    706KB

  • Sample

    241110-b8lxeazlej

  • MD5

    036a3a8233b489e8f3c3d745afa9ea22

  • SHA1

    b8458447b366571c6e97b1604a191ced32a3be1a

  • SHA256

    f7fb39ad2047e38cb85941a18c46ab5de639ba2e1f42d3b77ab07ec8dbb3c283

  • SHA512

    aec3de2791bd4ebbdb5e98d5eaebc5c04937c98da667d5ef9615aa7ce9a9638e870b280819c52b770a6c66dd059c6ef068c6d0b121e7f5e910dad17d8588e46a

  • SSDEEP

    12288:2y90jjCPesZ2NYtsVpjmfPdZDYnAhGxWpB2R3FTn11qu0VJEspG/TMny:2yEAP2NllIExWSRIEspM

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks