General

  • Target

    063a40f2e638c02ce9aa9d23c10e41e84b670fc3837ffd4f47c2db9181a6cbe9

  • Size

    480KB

  • Sample

    241110-d5mqmsyjf1

  • MD5

    e39434cf5c4e856517658eb4f6630cf3

  • SHA1

    4be7b47bb616e197660d7eeaa8e8191f91beb5d2

  • SHA256

    063a40f2e638c02ce9aa9d23c10e41e84b670fc3837ffd4f47c2db9181a6cbe9

  • SHA512

    9a7d7ee9b33da1b115035b6a301efec70665ef1e2b4cf4079aeb94427a0811ead2b7348000df12d7e45dbe44143c3f6f43882bd33dc6ea728adf46dc4dfdd53a

  • SSDEEP

    12288:ZMrBy90aeqJUN8YomRR7qwyzZhlehFR1o2IlZC:wyjeqC2XhKVIy

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15