General

  • Target

    b188eca8a3e52cd342a8a24b4a9ca223ecb049dd58ff4027d4c714cde50c97c3

  • Size

    704KB

  • Sample

    241110-dt3ygsycmn

  • MD5

    f4c8cc62b48815624ba9d9a04c5d7068

  • SHA1

    fd43d578e9e30d0d311443887d142c33fccccabd

  • SHA256

    b188eca8a3e52cd342a8a24b4a9ca223ecb049dd58ff4027d4c714cde50c97c3

  • SHA512

    d667b21f561255e2af136f9bd2a642cd7cd61883411f85b46a4e61a570cc4a942529b94abd04c984e31ed52c5b8a3b6abf543fa19617e7b5685edf3d3d1da6af

  • SSDEEP

    12288:Fy90gzcHtvBTYSb9YpQ2CR9oDFMH+mbm4/I3MKqRcmgc54JbD9f5XySxh:FynCyCq6Pn46LcMKGcBcuJbD7XyS/

Malware Config

Targets

    • Target

      b188eca8a3e52cd342a8a24b4a9ca223ecb049dd58ff4027d4c714cde50c97c3

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks