General

  • Target

    dd1fa2391bdbf81baedbdd72659a6aebc24b3cbbfb2ec06d85109eea01560615N

  • Size

    623KB

  • Sample

    241110-dgkldaybpe

  • MD5

    7147d34e69aa8045fae7f78a601f6c20

  • SHA1

    924a8b50bef52ba2b6af24ddff1be34b7c602684

  • SHA256

    dd1fa2391bdbf81baedbdd72659a6aebc24b3cbbfb2ec06d85109eea01560615

  • SHA512

    17fbe6e4327fce538036a3ab68d0ce75c6c56c989ccede218d7cdc792a9152676993abfecb53d9ff98614bbd66553d54a63ebd5ee2a88b4e135e81e7c3e3f82b

  • SSDEEP

    12288:hy90MYQqlj1SM8slHif+sfXA76Vwu+mDZnF8KU2TTSjK:hyGzR99OvE6uu+IUEmjK

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks