General

  • Target

    3d2f664fee01b4e614dcdf33a8e55a7af68b034e25aeca9f101fa747d4a4fec0

  • Size

    1.2MB

  • Sample

    241110-bs3j8awjav

  • MD5

    d590cf00aa88c6f2efc2247370e7c086

  • SHA1

    ecb3bd7dac1730ffd24da32d59dfcf78c9ccee07

  • SHA256

    3d2f664fee01b4e614dcdf33a8e55a7af68b034e25aeca9f101fa747d4a4fec0

  • SHA512

    12c3278414f37ab4782a673f7b545778fbc6bf6b7636dc58124ec26a777b8c11b8344529ca98b4f0f6acb0d77a5136e3dd1562d3564f82ef34e7eac6ce299b82

  • SSDEEP

    24576:IYAVCfN05jEKvD1eqB6QLUIHZinS07gPUSko5622+s:IY1NsVN654ZiE1ko5Q+

Malware Config

Targets

    • Target

      3d2f664fee01b4e614dcdf33a8e55a7af68b034e25aeca9f101fa747d4a4fec0

    • Size

      1.2MB

    • MD5

      d590cf00aa88c6f2efc2247370e7c086

    • SHA1

      ecb3bd7dac1730ffd24da32d59dfcf78c9ccee07

    • SHA256

      3d2f664fee01b4e614dcdf33a8e55a7af68b034e25aeca9f101fa747d4a4fec0

    • SHA512

      12c3278414f37ab4782a673f7b545778fbc6bf6b7636dc58124ec26a777b8c11b8344529ca98b4f0f6acb0d77a5136e3dd1562d3564f82ef34e7eac6ce299b82

    • SSDEEP

      24576:IYAVCfN05jEKvD1eqB6QLUIHZinS07gPUSko5622+s:IY1NsVN654ZiE1ko5Q+

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks