General

  • Target

    3a741e8922f7659cbf9393c550ea5fb72b5f213455d9fd136db40c7fa10224f3

  • Size

    695KB

  • Sample

    241110-chnhzsxbmj

  • MD5

    62259995b419ae2b1ec14cbcb8dc4fea

  • SHA1

    2978739c8ff74211aa8b4861ef01e404390dbee0

  • SHA256

    3a741e8922f7659cbf9393c550ea5fb72b5f213455d9fd136db40c7fa10224f3

  • SHA512

    fd64d55298e3407d182c6362b23b35c58853e1a3d9dd2314eb6cc08101c255b0fb1b2bd9a6d78f0fa47ec30dec781c902a726d7369064de6416657a874404c79

  • SSDEEP

    12288:fy90J5q8VoeDgAMdwSEHw9UfB2FCMpc3BzuE17RjJ:fyg5q9e0VvEHsUpwCMpMBzRJtJ

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks