General

  • Target

    e42245e8bd7a37984b5fedee9b58751298fb69a68fbdb47dde0be20af2caae16

  • Size

    1.2MB

  • Sample

    241110-bva8rawgqb

  • MD5

    3283fa97b5dad7dd0c6b309fc9acb153

  • SHA1

    c3773d0b2051f141bede8947467d54c04625ba49

  • SHA256

    e42245e8bd7a37984b5fedee9b58751298fb69a68fbdb47dde0be20af2caae16

  • SHA512

    9f95bac67b231177783c8975eed6ae5b1ca630f3377905f2a92546b0b2f649dfcf25f6fa515f9de7ceaa487f84326f713c15a1567cbfb9a316c11853c590ad4a

  • SSDEEP

    24576:NDTWYG5l2s+JcVCjiT/r0PTcuGzPP5lMcvBxenYLi1OuheoxY7qYV2GSBm:NDpG5wcVCjiTDbb35G0BjiUuh7xXw2L

Malware Config

Targets

    • Target

      e42245e8bd7a37984b5fedee9b58751298fb69a68fbdb47dde0be20af2caae16

    • Size

      1.2MB

    • MD5

      3283fa97b5dad7dd0c6b309fc9acb153

    • SHA1

      c3773d0b2051f141bede8947467d54c04625ba49

    • SHA256

      e42245e8bd7a37984b5fedee9b58751298fb69a68fbdb47dde0be20af2caae16

    • SHA512

      9f95bac67b231177783c8975eed6ae5b1ca630f3377905f2a92546b0b2f649dfcf25f6fa515f9de7ceaa487f84326f713c15a1567cbfb9a316c11853c590ad4a

    • SSDEEP

      24576:NDTWYG5l2s+JcVCjiT/r0PTcuGzPP5lMcvBxenYLi1OuheoxY7qYV2GSBm:NDpG5wcVCjiTDbb35G0BjiUuh7xXw2L

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks