General

  • Target

    42d36d80c9d4ded35ce53bd8f4aef01ff4a5e8cf36e1d2bfb6e071cca86bfa76N

  • Size

    612KB

  • Sample

    241110-cg3xaaxcqg

  • MD5

    5cc0274b86b54773e0246e17af2c8450

  • SHA1

    b4a600a7724104ccad63605763a1ad56984c7b98

  • SHA256

    42d36d80c9d4ded35ce53bd8f4aef01ff4a5e8cf36e1d2bfb6e071cca86bfa76

  • SHA512

    0b4717193d717eba23453a3e4dedbbbdfe59f803ef45de03ae78d6f31134e8a98b6b71fb86e514677908a7d6e750b171b57fb1f7aeb08e1a61426e99b81a12c8

  • SSDEEP

    12288:4y90oNjOMlpD0nrBhZmhsg4ewNTdI7PKPUnwdMciwq208A/yRgKx:4yxNjTcHUw5K7PKPUnKMcXCfqL

Malware Config

Targets

    • Target

      42d36d80c9d4ded35ce53bd8f4aef01ff4a5e8cf36e1d2bfb6e071cca86bfa76N

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks