General

  • Target

    10c10b878d3dd5e124963bc5cdf17ef54c1684b32a99b81a01a1878e82e1524b

  • Size

    706KB

  • Sample

    241110-b8w3dazlem

  • MD5

    1882d88440913634de37cfd1e24c6718

  • SHA1

    3f5039948df2d5c65f47ecef382943ea6f9bb717

  • SHA256

    10c10b878d3dd5e124963bc5cdf17ef54c1684b32a99b81a01a1878e82e1524b

  • SHA512

    285b7ca25de93e7d103592e76bcad5a075c81cef01305f186df6ed34338d19af714a76a052403a0a7508a04f7643496c12f5f01755d528c7c7e22d2142fd0946

  • SSDEEP

    12288:Cy905vvsZSmhc+nrc5BL/NzVrn8h9Dpw180CRAXZtRhvzNcQyvdKuo:CyQvsQxNzVr8hfX4FhWdRo

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
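The two registry-side behaviours flagged above (turning off Windows Defender real-time protection and adding a Run key for persistence) are the ones a defender can most easily turn into host-based detection logic. The script below is an added example, not part of this sandbox report and not code from the Healer or RedLine authors. It classifies Sysmon-style registry SetValue events (Event ID 13 fields: EventType, TargetObject, Details, Image) against the Defender "Real-Time Protection" policy values and the CurrentVersion\Run / RunOnce keys. The event records, file paths and SID are constructed for the example; the value names under Real-Time Protection are the documented Defender policy names, and a DWORD of 1 disables the corresponding feature.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Alert:
    rule: str
    image: str
    target: str
    details: str


# Value names under "Windows Defender\Real-Time Protection" that, when set to
# DWORD 1, switch a protection feature off. Setting any of these is what the
# report's "Modifies Windows Defender Real-time Protection settings" covers.
DEFENDER_RTP_DISABLE_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}

# Matches both the policy path (HKLM\SOFTWARE\Policies\...) and the product
# path (HKLM\SOFTWARE\Microsoft\...) and captures the value name.
RTP_KEY_RE = re.compile(
    r"\\SOFTWARE\\(?:Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\([^\\]+)$",
    re.IGNORECASE,
)
# Per-user (HKU\<SID>\...) or machine-wide (HKLM\...) Run and RunOnce keys.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\([^\\]+)$",
    re.IGNORECASE,
)
# Sysmon renders DWORD data as "DWORD (0x00000001)".
DWORD_ONE_RE = re.compile(r"^DWORD\s*\(0x0*1\)$", re.IGNORECASE)


def classify_event(ev: dict) -> Optional[Alert]:
    """Return an Alert for a Defender-disable or Run-key write, else None."""
    if ev.get("EventType") != "SetValue":
        return None  # deletes/renames are not covered by these two rules
    target = ev.get("TargetObject", "")
    details = ev.get("Details", "")
    image = ev.get("Image", "")

    m = RTP_KEY_RE.search(target)
    if m and m.group(1).lower() in DEFENDER_RTP_DISABLE_VALUES and DWORD_ONE_RE.match(details):
        return Alert("defender_rtp_disabled", image, target, details)

    if RUN_KEY_RE.search(target):
        return Alert("run_key_persistence", image, target, details)

    return None


def scan(events: Iterable[dict]) -> List[Alert]:
    """Run classify_event over a stream of registry events, keeping hits."""
    return [a for a in (classify_event(e) for e in events) if a is not None]


# Constructed sample events (not from the report): a dropper disabling
# real-time monitoring, a per-user Run key, a benign re-enable (DWORD 0),
# an unrelated key, a value deletion, and a policy-path behaviour-monitoring
# disable.
SAMPLE_EVENTS = [
    {"EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"EventType": "SetValue",
     "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventType": "DeleteValue",
     "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OldEntry",
     "Details": ""},
    {"EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert.rule:24} {alert.image}  ->  {alert.target} = {alert.details}")
```

On the constructed input this yields three alerts: two Defender disables from the dropper image and one Run-key write; the DWORD 0 write from MsMpEng.exe, the Explorer setting and the value deletion produce nothing. In production the Image field is the pivot that ties these writes back to the dropped executable, which is the "Executes dropped EXE" signature above.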

MITRE ATT&CK Enterprise v15

Tasks