General

  • Target

    2d75a46d630cd1afee198e1ee598667e115509f7174e94ca1fd291c46341ad91

  • Size

    695KB

  • Sample

    241110-d67r7sykaw

  • MD5

    8fc505222d3222792af7ca19a4119a67

  • SHA1

    5e8146a3bc3914f8ba1904c1cd927aa629f0c330

  • SHA256

    2d75a46d630cd1afee198e1ee598667e115509f7174e94ca1fd291c46341ad91

  • SHA512

    aa6cf3a6cefcf7dd35db3ba5a30e5a66e8d9707a4e91fe90017fa531d3217da5c44c283f238bfbd2658868288d91a3223f0409144dfe01d54602f2f86e5d3c4c

  • SSDEEP

    12288:ry903e2OJ7l+88L03R8vbvJ/EL7HUStqxkdWq4SbZe7ZV72tm:ry17l+nA3mLN47HUrkBbZUZh5

Malware Config

Targets

    • Target

      2d75a46d630cd1afee198e1ee598667e115509f7174e94ca1fd291c46341ad91

    • Size

      695KB

    • MD5

      8fc505222d3222792af7ca19a4119a67

    • SHA1

      5e8146a3bc3914f8ba1904c1cd927aa629f0c330

    • SHA256

      2d75a46d630cd1afee198e1ee598667e115509f7174e94ca1fd291c46341ad91

    • SHA512

      aa6cf3a6cefcf7dd35db3ba5a30e5a66e8d9707a4e91fe90017fa531d3217da5c44c283f238bfbd2658868288d91a3223f0409144dfe01d54602f2f86e5d3c4c

    • SSDEEP

      12288:ry903e2OJ7l+88L03R8vbvJ/EL7HUStqxkdWq4SbZe7ZV72tm:ry17l+nA3mLN47HUrkBbZUZh5

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks