General

  • Target

    061fc99a711b80c13890aa8b67bfb41c2791a863dbe19c07f1896a9c83c11a71

  • Size

    567KB

  • Sample

    241110-dwezfaycpp

  • MD5

    f0da1f38a4ef7a8199c31b5d1f94d502

  • SHA1

    4fd5741373941819794f503a259a6eab0e7f9a1a

  • SHA256

    061fc99a711b80c13890aa8b67bfb41c2791a863dbe19c07f1896a9c83c11a71

  • SHA512

    8bcdec697de498e5863d67459ada84f8f118d6f2727b1934d2482cc6e893cd476f2dc430b61373cfc49e17251f348b6f10d70ad6beeafdbdcce695be09bbdac8

  • SSDEEP

    12288:jy90Fm7OJtYX/oXQ0OPWs8i/dy3zoUnP2Cto2+CzR3Cn6g1:jyIm7cA/Xf/eEUHtt+CzR3i6g1

Malware Config

Targets

    • Target

      061fc99a711b80c13890aa8b67bfb41c2791a863dbe19c07f1896a9c83c11a71

    • Size

      567KB

    • MD5

      f0da1f38a4ef7a8199c31b5d1f94d502

    • SHA1

      4fd5741373941819794f503a259a6eab0e7f9a1a

    • SHA256

      061fc99a711b80c13890aa8b67bfb41c2791a863dbe19c07f1896a9c83c11a71

    • SHA512

      8bcdec697de498e5863d67459ada84f8f118d6f2727b1934d2482cc6e893cd476f2dc430b61373cfc49e17251f348b6f10d70ad6beeafdbdcce695be09bbdac8

    • SSDEEP

      12288:jy90Fm7OJtYX/oXQ0OPWs8i/dy3zoUnP2Cto2+CzR3Cn6g1:jyIm7cA/Xf/eEUHtt+CzR3i6g1

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
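The signature list above records two registry-level behaviours: tampering with Windows Defender Real-time Protection settings and adding a Run key for persistence. The following Python is an added detection example, not part of this sandbox report or of any Triage tooling, that flags both behaviours in Sysmon Event ID 13 (registry value set) records rendered as key=value lines. The event lines, process paths, SID and value names are constructed for illustration; the Defender value names under `Real-Time Protection` (DisableRealtimeMonitoring, DisableBehaviorMonitoring) and the Run key paths are real Windows locations.

```python
"""Added example: flag Defender real-time protection tampering and Run-key
persistence in Sysmon Event ID 13 records. Sample events are constructed."""
import re

# Constructed Sysmon ID 13 (RegistryEvent SetValue) records, one per line,
# rendered as "Field=value" pairs. Paths and the SID are hypothetical.
SAMPLE_EVENTS = [
    r'EventID=13 Image=C:\Users\victim\AppData\Local\Temp\healer.exe '
    r'TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring '
    r'Details=DWORD (0x00000001)',
    r'EventID=13 Image=C:\Users\victim\AppData\Local\Temp\healer.exe '
    r'TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring '
    r'Details=DWORD (0x00000001)',
    r'EventID=13 Image=C:\Users\victim\AppData\Local\Temp\stealer.exe '
    r'TargetObject=HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater '
    r'Details=C:\Users\victim\AppData\Roaming\Updater\stealer.exe',
    # Benign: the OS re-enabling real-time monitoring (value 0) must not fire.
    r'EventID=13 Image=C:\Windows\System32\svchost.exe '
    r'TargetObject=HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring '
    r'Details=DWORD (0x00000000)',
    # Low severity: a Run key pointing at Program Files from an installer.
    r'EventID=13 Image=C:\Program Files\Vendor\setup.exe '
    r'TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent '
    r'Details="C:\Program Files\Vendor\agent.exe"',
]

# "Field=value" pairs; a value runs until the next " Field=" or end of line,
# so values containing spaces (DWORD (0x...), quoted paths) survive intact.
FIELD_RE = re.compile(r'(\w+)=(.*?)(?=\s\w+=|$)')
# Any Disable* value under either the policy or the product Real-Time Protection key.
DEFENDER_RTP_RE = re.compile(
    r'\\Windows Defender\\Real-Time Protection\\(Disable\w+)$', re.IGNORECASE)
RUN_KEY_RE = re.compile(
    r'\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$', re.IGNORECASE)
DWORD_RE = re.compile(r'DWORD \((0x[0-9a-fA-F]+)\)')
# Directories an unprivileged user can write to; a Run entry or writer living
# there is far more suspicious than one under Program Files.
USER_WRITABLE_RE = re.compile(r'\\(AppData|Temp|ProgramData|Users\\Public)\\', re.IGNORECASE)


def parse_event(line):
    """Return the record as a dict of field name -> value."""
    return dict(FIELD_RE.findall(line))


def dword_value(details):
    """Extract the integer from a Sysmon 'DWORD (0x....)' Details string, or None."""
    m = DWORD_RE.search(details)
    return int(m.group(1), 16) if m else None


def analyze(lines):
    """Run both rules over the records and return a list of findings."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get('EventID') != '13':
            continue
        image = ev.get('Image', '')
        target = ev.get('TargetObject', '')
        details = ev.get('Details', '')

        # Rule 1: a Real-Time Protection Disable* value set to 1.
        m = DEFENDER_RTP_RE.search(target)
        if m and dword_value(details) == 1:
            findings.append({'rule': 'defender_rtp_tamper', 'severity': 'high',
                             'image': image, 'value': m.group(1)})
            continue

        # Rule 2: any Run/RunOnce entry; severity depends on where it points.
        m = RUN_KEY_RE.search(target)
        if m:
            command = details.strip('"')
            suspicious = USER_WRITABLE_RE.search(command) or USER_WRITABLE_RE.search(image)
            findings.append({'rule': 'run_key_persistence',
                             'severity': 'high' if suspicious else 'low',
                             'image': image, 'value': m.group(2), 'command': command})
    return findings


if __name__ == '__main__':
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['rule']}: {f['image']} -> {f['value']}")
```

On the constructed input the two Defender writes from the dropper and the AppData Run entry come out as high, the installer's Program Files Run entry as low, and the value-0 write by svchost.exe is ignored. Real Sysmon output is XML or EVTX rather than key=value text, so only `parse_event` needs swapping to run this against a live log.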

MITRE ATT&CK Enterprise v15

Tasks