General

  • Target

    d94f1662d50ba9ac0612eb4d3deb1979b309ed6cc341482f908d78ce08317635

  • Size

    828KB

  • Sample

    241110-d6yvasygle

  • MD5

    fc7a9c1dab84de162f367e2367ca7e6e

  • SHA1

    46c79c151666b2de87b3b86a71431137e9b624e0

  • SHA256

    d94f1662d50ba9ac0612eb4d3deb1979b309ed6cc341482f908d78ce08317635

  • SHA512

    c9ee96eb6675abc74577c1492bbdf8e1b1feeffa9a944a2b9f0ffba784e0cefea6ff334938b791ad901d7829da8b266e0f35df23fc361c94ef4e5b130cc0a577

  • SSDEEP

    24576:0yCAgbFAbY+xhfo9QMK7bmzMgdJKlb6o:DZgbybphfAK7bmzMgPKl2

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
