General

  • Target

    c52f5483f565321cd9b165afe0b55ff52f85b5b1f17646fe2215e1b3ad831bda

  • Size

    828KB

  • Sample

    241110-dhyvdsxngt

  • MD5

    569a46f2effbb812b298698f895989e9

  • SHA1

    379da4ad055c26479ad85e71e87a01626b6759ad

  • SHA256

    c52f5483f565321cd9b165afe0b55ff52f85b5b1f17646fe2215e1b3ad831bda

  • SHA512

    cb6235228fc6ed4e090db53537f7b9774a6b0f700d4dcc00404c274b8fc6c04a97830dfd3aceec1a081fddeb381c30e9f731cffa7da74b048fba0f7bf924517a

  • SSDEEP

    24576:UyQ2v85KRYm0anJ1FyxpPSbpXEmbrNY4ln:jQ205ban8xpP+XEmbht

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
