General

  • Target

    8f04d90bb336b50c88edd7dc03f6a4fa21989ccbb724f1778d2da870c8037c9e

  • Size

    697KB

  • Sample

    241110-cfxzmswndy

  • MD5

    327c8f5e0e05eaf9e9aa30532ba2d94f

  • SHA1

    521bf0795a335285805a9c6399861b7857604031

  • SHA256

    8f04d90bb336b50c88edd7dc03f6a4fa21989ccbb724f1778d2da870c8037c9e

  • SHA512

    7a5b45bd13314cf8973b9b9560a694ebe3bcb13b3d2ac7106fdb0e17303b1ec0253f17484108ada4ea4f6bd88a50a88d44b6114dd17a86eddd212ae7928d53b6

  • SSDEEP

    12288:ly90YecCo1BpJVXtABfPeCOL5nXdrTs4lCQ2TJBHMKw9Vr8Ngj4Oyb:lyNPXXkuj5nXNTUtBsKw998Ngj6

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks