General

  • Target

    41de133de455f7100695f2453fa8880498c5f01f47799bbb4c19bc10e3c7ba35

  • Size

    966KB

  • Sample

    241110-d93yesyhjb

  • MD5

    cfcc5f5c0c74354bb9d7190becb4bf7a

  • SHA1

    4b913e499a0ce6b87ff64f225c41336d943413c6

  • SHA256

    41de133de455f7100695f2453fa8880498c5f01f47799bbb4c19bc10e3c7ba35

  • SHA512

    0bff45aec27824d4b695096db43eb92c917019c92b5aff4d1791f2448cc5de6a47520ce08a6a1e4a1dc958fbb9bff04422540e6a7501ae27b1b0fbc79c934553

  • SSDEEP

    24576:7yFI+6xw2JKFJ+mbX4hQGc07vFcVh9usAD5IPtjv:uDCwFFtb4hQNYvihRAyPJ

Malware Config

Targets

    • Target

      41de133de455f7100695f2453fa8880498c5f01f47799bbb4c19bc10e3c7ba35

    • Size

      966KB

    • MD5

      cfcc5f5c0c74354bb9d7190becb4bf7a

    • SHA1

      4b913e499a0ce6b87ff64f225c41336d943413c6

    • SHA256

      41de133de455f7100695f2453fa8880498c5f01f47799bbb4c19bc10e3c7ba35

    • SHA512

      0bff45aec27824d4b695096db43eb92c917019c92b5aff4d1791f2448cc5de6a47520ce08a6a1e4a1dc958fbb9bff04422540e6a7501ae27b1b0fbc79c934553

    • SSDEEP

      24576:7yFI+6xw2JKFJ+mbX4hQGc07vFcVh9usAD5IPtjv:uDCwFFtb4hQNYvihRAyPJ

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks