General

  • Target

    bec0caa38bcc699ed47213647853567f07fa5d6b924e70db36777f2505ae97af

  • Size

    560KB

  • Sample

    241110-dwl3raycpr

  • MD5

    74c33c318d02da50677aadb7deee19a7

  • SHA1

    c55f6db0b387b9f942e4fcd33d172d50d2fdcc5b

  • SHA256

    bec0caa38bcc699ed47213647853567f07fa5d6b924e70db36777f2505ae97af

  • SHA512

    d6daa2f8f767e6a50154ec079e69a398a00ded1b4d31db2367fc57ff5a3e25fe4f89656826cd5f846b44fb154654879b362617c107ecb4ba20c605432c56da61

  • SSDEEP

    12288:3y90mMBJdigBZqIWRuf6x3dphZPpFTg1BrudVJWkuor7vBHdgK:3yAzP+INf01d+Nil9gK

Malware Config

Targets

    • Target

      bec0caa38bcc699ed47213647853567f07fa5d6b924e70db36777f2505ae97af

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks