General

  • Target

    05e2c1efa5aac03629f3383665378b06cb1c3fdbe5d857f42ce7e2b490594f03

  • Size

    566KB

  • Sample

    241110-dhlvtsxnf1

  • MD5

    ebcbd34b753f19e0050d63b3ca9de90b

  • SHA1

    6941987945160861ad308ff56b2041479593122d

  • SHA256

    05e2c1efa5aac03629f3383665378b06cb1c3fdbe5d857f42ce7e2b490594f03

  • SHA512

    c75c8b6d85f7c315bcfa3c00d5a83407d6e189218c1a32ea8c73944293a6573d4bb0101656b3ddf80406dcb49ac3407427135171d96a0602e3a0f2801a03e9c2

  • SSDEEP

    12288:8y90hOIPptS8p4IKWhw2Ow4GXWCSAUyPbWF9miXZtJyNictLDfs8frUQ+n27:8yqrJpi2d4iBbu9mipt4nfraO

Malware Config

Targets

    • Target

      05e2c1efa5aac03629f3383665378b06cb1c3fdbe5d857f42ce7e2b490594f03

    • Size

      566KB

    • MD5

      ebcbd34b753f19e0050d63b3ca9de90b

    • SHA1

      6941987945160861ad308ff56b2041479593122d

    • SHA256

      05e2c1efa5aac03629f3383665378b06cb1c3fdbe5d857f42ce7e2b490594f03

    • SHA512

      c75c8b6d85f7c315bcfa3c00d5a83407d6e189218c1a32ea8c73944293a6573d4bb0101656b3ddf80406dcb49ac3407427135171d96a0602e3a0f2801a03e9c2

    • SSDEEP

      12288:8y90hOIPptS8p4IKWhw2Ow4GXWCSAUyPbWF9miXZtJyNictLDfs8frUQ+n27:8yqrJpi2d4iBbu9mipt4nfraO

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
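
    The signatures above flag two host-side behaviours worth checking for directly on a suspect machine: tampering with Windows Defender real-time protection, and persistence through a Run key. The following PowerShell script is an added triage helper, not part of the sandbox report or of any tool the report references. It verifies a local copy of the sample against the hashes listed above, then reports the Defender real-time protection policy values and current preferences, and lists every Run-key entry for the current user and the machine. The sample path in $SamplePath is an assumption; the registry locations and the Get-MpPreference cmdlet are standard Windows ones.

```powershell
# Added triage helper (not from the sandbox report): hash check plus the two
# host behaviours the report signatures describe. Run in an elevated prompt so
# that HKLM policy keys and Get-MpPreference are readable.
param(
    # Assumed local path to the sample; adjust to wherever the file was saved.
    [string]$SamplePath = 'C:\samples\05e2c1efa5aac03629f3383665378b06cb1c3fdbe5d857f42ce7e2b490594f03.bin'
)

# Hashes copied from the report above.
$Expected = @{
    MD5    = 'ebcbd34b753f19e0050d63b3ca9de90b'
    SHA1   = '6941987945160861ad308ff56b2041479593122d'
    SHA256 = '05e2c1efa5aac03629f3383665378b06cb1c3fdbe5d857f42ce7e2b490594f03'
    SHA512 = 'c75c8b6d85f7c315bcfa3c00d5a83407d6e189218c1a32ea8c73944293a6573d4bb0101656b3ddf80406dcb49ac3407427135171d96a0602e3a0f2801a03e9c2'
}

function Test-SampleHashes {
    # Returns one row per algorithm with Match = $true when the local file
    # matches the report; a mismatch means you are not looking at this sample.
    param([string]$Path, [hashtable]$Expected)
    foreach ($alg in $Expected.Keys) {
        $actual = (Get-FileHash -Path $Path -Algorithm $alg).Hash.ToLower()
        [pscustomobject]@{
            Algorithm = $alg
            Match     = ($actual -eq $Expected[$alg])
            Actual    = $actual
        }
    }
}

function Get-DefenderRealtimeState {
    # Policy values under this key override the UI; a value of 1 switches
    # off the corresponding part of real-time protection.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
    $names = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
             'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable',
             'DisableIOAVProtection'
    $policy = if (Test-Path $policyKey) { Get-ItemProperty -Path $policyKey } else { $null }
    foreach ($n in $names) {
        $v = if ($policy) { $policy.$n } else { $null }
        [pscustomobject]@{ Source = 'Policy'; Setting = $n; Value = $v; Tampered = ($v -eq 1) }
    }
    # Effective preferences as Defender itself reports them.
    $pref = Get-MpPreference
    foreach ($n in $names) {
        $v = $pref.$n
        [pscustomobject]@{ Source = 'MpPreference'; Setting = $n; Value = $v; Tampered = ($v -eq $true) }
    }
}

function Get-RunKeyEntries {
    # Lists every autostart value under the user and machine Run keys, and
    # marks entries whose command points into user-writable locations, which
    # is where a dropped payload typically lives.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell metadata properties
            $cmd = [string]$p.Value
            [pscustomobject]@{
                Key        = $k
                Name       = $p.Name
                Command    = $cmd
                Suspicious = ($cmd -match '(?i)\\(AppData|Temp|ProgramData|Public)\\')
            }
        }
    }
}

'== Sample hash verification =='
Test-SampleHashes -Path $SamplePath -Expected $Expected | Format-Table -AutoSize
'== Defender real-time protection state =='
Get-DefenderRealtimeState | Format-Table -AutoSize
'== Run key autostart entries =='
Get-RunKeyEntries | Format-Table -AutoSize
```

A Tampered value of $true in the Defender table, or a Suspicious Run-key entry pointing at a recently created executable, is consistent with the "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application" signatures; confirm against the sandbox's own process and registry events before treating either as an indicator on its own, since legitimate software and administrators also write to both locations.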

MITRE ATT&CK Enterprise v15

Tasks