General

  • Target

    fae11ff33df372cfc27eb8c03f2a6da1af89522e0dfcd42d7a26ec62ecb5d723

  • Size

    695KB

  • Sample

    241110-b9evgszlfm

  • MD5

    61c9ef8794b0e99290116b1336b475ae

  • SHA1

    d9dd6f5b0f7547b2ef1f65c722210a9032640aeb

  • SHA256

    fae11ff33df372cfc27eb8c03f2a6da1af89522e0dfcd42d7a26ec62ecb5d723

  • SHA512

    b9f38caf9cedbffc9cdce749059da7c731b5e4da6c2051b37da0d03cc95f20ece4b6279ec426367402e93149362424fc1e7014ca92b5537cccee11718e65c683

  • SSDEEP

    12288:ay90OD4/x2o0ns/bmf9BDcMMnhxNePiO0fBzFrCpc3Bjw+hb/+:ay3WF0ns/bM9BDcB4Pl0p5rCpcBj9U

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks