General

  • Target

    cf25a481f52bd566513285d9b773cef19c171beaec767643ddb0e9f8e4bc4bd9

  • Size

    480KB

  • Sample

    241110-d5gjma1rfp

  • MD5

    cd2aee623d38c911395d4af4e298a904

  • SHA1

    924d0a5aa61bf4b44f6b619e2295cb1220ab0c31

  • SHA256

    cf25a481f52bd566513285d9b773cef19c171beaec767643ddb0e9f8e4bc4bd9

  • SHA512

    c4b3797ab611b66989886e688a34d4276a2ebcdcab979e74b5d305273f962b6d57502598e1fef34030756892098f8fef4af2d21e8a200495897737bee133bcb6

  • SSDEEP

    12288:MMrVy90VfsU0lpxc5O1vNoQtl1GuVWdjTj786:hyvu5qNbt3GuVWdHB

Malware Config

Targets

    • Target

      cf25a481f52bd566513285d9b773cef19c171beaec767643ddb0e9f8e4bc4bd9

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks