General

  • Target

    ad621b8becd131821595f25fa8fdeb8e3bffd499797cab20976e07b1c82721d2

  • Size

    563KB

  • Sample

    241110-dvt2zaycnq

  • MD5

    083f5c2468787af6287d3149c6d24030

  • SHA1

    4058486e9c2cba3dccc29f89d1c64aad54655d0b

  • SHA256

    ad621b8becd131821595f25fa8fdeb8e3bffd499797cab20976e07b1c82721d2

  • SHA512

    a04ea60d414f8c7446224b2c6d5d3f8c88bb38c394e9000fe373379c7683bd8948f7184d7fcbc52a56402b9283290fef42509e5f0be64abc82813b4ab517ad06

  • SSDEEP

    12288:8y90ukP2wQS40T/cbc+8IshjLAuRMEzbAnNDOT/+i:8yFkP2wQS4QcF8Ish3AAGqT2i

Malware Config

Targets

    • Target

      ad621b8becd131821595f25fa8fdeb8e3bffd499797cab20976e07b1c82721d2

    • Size

      563KB

    • MD5

      083f5c2468787af6287d3149c6d24030

    • SHA1

      4058486e9c2cba3dccc29f89d1c64aad54655d0b

    • SHA256

      ad621b8becd131821595f25fa8fdeb8e3bffd499797cab20976e07b1c82721d2

    • SHA512

      a04ea60d414f8c7446224b2c6d5d3f8c88bb38c394e9000fe373379c7683bd8948f7184d7fcbc52a56402b9283290fef42509e5f0be64abc82813b4ab517ad06

    • SSDEEP

      12288:8y90ukP2wQS40T/cbc+8IshjLAuRMEzbAnNDOT/+i:8yFkP2wQS4QcF8Ish3AAGqT2i

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks