General

  • Target

    c3b4d41725a9a97fab0309d2d45f6f0e2c6df5fc12360b69d2de2d4704b3cbed

  • Size

    936KB

  • Sample

    241110-dhhheayamk

  • MD5

    c89a46d225214c2a7983f3c5c7cac159

  • SHA1

    5ed7c2aaa31eb1c8402c9acc2a0844926228ecb3

  • SHA256

    c3b4d41725a9a97fab0309d2d45f6f0e2c6df5fc12360b69d2de2d4704b3cbed

  • SHA512

    5fb28d1d6e7fd6d1e34b95c170cb93c18ed6ee3ea5c76923f1d6d138d1097077d883545ea9f70966453784886ba34680ab7b5ad3d9ae240d1b9bd01a9c4f2b05

  • SSDEEP

    24576:iyzQ6buTxoU+Lps1JdPJ2I98vi188NkKXR1WTPW:JzoTxoU+EdLJ186h4

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks