General

  • Target

    f5defca7078f2fe780d198dd901cd05f2840d048e0b2176665d5a0d364400722

  • Size

    479KB

  • Sample

    241110-dmvzasxpex

  • MD5

    8dfadabaf0e5ab43883387171eb99598

  • SHA1

    60b0a71d7be07aac6bee1e57cc16dcab5d0e3357

  • SHA256

    f5defca7078f2fe780d198dd901cd05f2840d048e0b2176665d5a0d364400722

  • SHA512

    1d4f56ae9d23e1db10938cbe0633483a8139f3767fb824149fe783a8f599814596ded039d23ce4decca8900bdce423fb335b11cef7f5b98f6eeca8481683976f

  • SSDEEP

    12288:LMrfy90Wfjk/B5sFbDzaEqi+gL55VydONh3M:gyDfjkn6HzgiDzHT3M

Malware Config

Targets

    • Target

      f5defca7078f2fe780d198dd901cd05f2840d048e0b2176665d5a0d364400722

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
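
Of the behaviours listed above, the two that leave a durable host-side trace a defender can confirm from endpoint telemetry are the change to Windows Defender real-time protection settings and the Run key added for persistence. The following is an added example, not part of this report and not the sandbox's own signature logic: it maps registry value-set events to those two signature labels. The registry locations are the documented Defender policy key and the standard Run/RunOnce keys; the event field names follow Sysmon's Event ID 13 schema, while the sample events, process paths and value names in them are constructed for the example.

```python
"""Map registry value-set events (Sysmon Event ID 13 shape) to two of the
behaviour signatures a sandbox report lists for this kind of sample.

Added example, not code from the report or the sandbox vendor. The sample
events below are constructed; only the registry paths are real locations.
"""
import re
from typing import Dict, List, Optional

# Values under the Real-Time Protection policy key that, when set to 1,
# switch off a component of Defender real-time scanning.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableioavprotection",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
}

# HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\<value>
# (the "Policies\" segment is optional: the non-policy key is also honoured).
RTP_KEY_RE = re.compile(
    r"^HK(LM|EY_LOCAL_MACHINE)\\SOFTWARE\\(Policies\\)?Microsoft\\"
    r"Windows Defender\\Real-Time Protection\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Per-user and machine-wide Run / RunOnce keys, as Sysmon renders them
# (HKLM, HKCU, or HKU\<SID> for a resolved user hive).
RUN_KEY_RE = re.compile(
    r"^HK(LM|CU|EY_LOCAL_MACHINE|EY_CURRENT_USER|U\\[^\\]+)\\SOFTWARE\\"
    r"(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\"
    r"(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Sysmon writes DWORD data as "DWORD (0x00000001)".
DWORD_RE = re.compile(r"DWORD \((0x[0-9a-fA-F]+)\)")

SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_RUN_KEY = "Adds Run key to start application"


def dword(details: str) -> Optional[int]:
    """Extract the integer from Sysmon's DWORD rendering, or None."""
    m = DWORD_RE.search(details)
    return int(m.group(1), 16) if m else None


def classify(event: Dict[str, str]) -> List[str]:
    """Return the signature labels a single registry event satisfies."""
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    hits: List[str] = []

    m = RTP_KEY_RE.match(target)
    # Only a value of 1 disables protection; a write of 0 is a re-enable.
    if m and m.group("value").lower() in DEFENDER_RTP_VALUES and dword(details) == 1:
        hits.append(SIG_DEFENDER)

    m = RUN_KEY_RE.match(target)
    # Any non-empty command written under Run/RunOnce is a persistence entry.
    if m and details.strip():
        hits.append(SIG_RUN_KEY)
    return hits


def triage(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Aggregate hits as {signature: [writing process image, ...]}."""
    report: Dict[str, List[str]] = {}
    for ev in events:
        for sig in classify(ev):
            report.setdefault(sig, []).append(ev.get("Image", ""))
    return report


# Constructed events in Sysmon Event ID 13 shape (not from the report).
SAMPLE_EVENTS = [
    {"EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Local\Temp\svc.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Local\Temp\svc.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"EventType": "SetValue",  # protection being turned back on: not a hit
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventType": "SetValue",  # unrelated Explorer setting: not a hit
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion"
                     r"\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for sig, images in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {', '.join(images)}")
```

The value check matters in practice: Defender itself and Group Policy refresh write zeros to the same names, so matching on the key path alone produces noise. Correlating the two hits on the same writing process, as `triage` makes possible, is what distinguishes a dropper that disarms the host and then persists from two unrelated administrative changes.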

MITRE ATT&CK Enterprise v15

Tasks