General

  • Target

    da0f4b326af173c8e18b81fd44d60781e4cdbaa5534ee796949f2271be08ab3b

  • Size

    690KB

  • Sample

    241110-bz3hsszjhj

  • MD5

    0cc581cf14c4ca70d35c901df43b682f

  • SHA1

    d0537f1552e509b59b212a7e77c577187c147942

  • SHA256

    da0f4b326af173c8e18b81fd44d60781e4cdbaa5534ee796949f2271be08ab3b

  • SHA512

    e2392ce4099ddc79b9a5069b3817e679740b638d3ea25f7977a498e683248e5a2d115d2f3de5ca3b0cdf3dae78189e8bd162040ebb0ff47cb61b1feac033ed48

  • SSDEEP

    12288:Iy90C5Q3ygkjuY9sStK91gp20p6DWx0+5E2FmBiOsh:IyU3tY/wJ66DCu2FYkh

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
