General

  • Target

    5701ec340c27349ccfa23fcca352a45971d96613d6484e2241e6f1c929310255

  • Size

    700KB

  • Sample

    241110-dg72ns1mdq

  • MD5

    5940fe350b429aeb2a3dd7ae711f7e9e

  • SHA1

    4e5e08b9d09d96678cdbc770161638dad5b6a9e0

  • SHA256

    5701ec340c27349ccfa23fcca352a45971d96613d6484e2241e6f1c929310255

  • SHA512

    b5f67baed1f18818f7839239323d2186319828af1e99dde242594ca8c4083889d82c16f60b8740e831eb53cb79f99b5bc404c128f7a8d415144319b79575ca2d

  • SSDEEP

    12288:qy90fUJmTnQ/ivdw3Vw5iccoZOAraUITggO4et09sSTtYvym9aqNASIL3Eu2:qysUJmTnXKVspXOcavgLC9sVvrN9IO

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks