General

  • Target

    9d326c1e315e51bcbc8d632b99cc1e41cfa2a52706f7617ca56435c7a482ebad

  • Size

    479KB

  • Sample

    241110-dh81csybrf

  • MD5

    970f4ec84febbc261e9cd3fdec8682bb

  • SHA1

    46c71349ec76953427c7c4ba142b895a398aafb6

  • SHA256

    9d326c1e315e51bcbc8d632b99cc1e41cfa2a52706f7617ca56435c7a482ebad

  • SHA512

    1b319994e995eca84f5484461b568e6bb851ad6350804117544c3041432ea8b3d24289f5b09260336666a18bd0a4b75670becc2bdd1dfe940afe9a5c25d06672

  • SSDEEP

    12288:cMrjy90mRsUH8MLm30gKwlEyIW2RQbWBRR9m4UHRr84wWbOYMz:HypuUPm3xK42mWLRA5HJ843Mz

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks