General

  • Target

    0cbda4d6ce192da1316acfb0f684dfc396c80c590600a5ce8618c5757d1ab589

  • Size

    1.0MB

  • Sample

    241110-dzy7gsxrfy

  • MD5

    0057a66fa3625501301720021b6e6ad4

  • SHA1

    64a92f1d312156a8032722285a6a4c56475abfcc

  • SHA256

    0cbda4d6ce192da1316acfb0f684dfc396c80c590600a5ce8618c5757d1ab589

  • SHA512

    dabb0551fdfed4daf836c679dd53782ad44d5c4bf67c9b704048dc4367c8238d8b2cbba5cec2e5bedebf7bd70be90f66e6a3041794a4345ba700ab652388cd42

  • SSDEEP

    24576:Uyqozlyzrg8VF3OOcZnJvYUY1QEWX8a3KUJf9kyB+G/n3FNKh:jPKNVFRY1FQWfx1joG/3FY

Malware Config

Targets

    • Target

      0cbda4d6ce192da1316acfb0f684dfc396c80c590600a5ce8618c5757d1ab589

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
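
The signatures above describe three host-side effects a responder can verify directly: Defender Real-time Protection being switched off, a Run key pointing at a dropped executable, and the dropped EXE itself. The following PowerShell triage script is an added example and is not part of the sandbox report or of either malware family's code. The SHA256 is taken from the report; the Defender policy key and value names are the standard Windows Defender policy settings (which of them this sample actually touches is an assumption, since the report only says the Real-time Protection settings were modified), and the drop locations searched by `Find-SampleByHash` are assumed, not stated by the report. Run it from an elevated prompt on a host suspected of infection.

```powershell
# Added triage example (not part of the sandbox report). Run elevated.

# SHA256 of the sample, copied from the report.
$SampleSha256 = '0cbda4d6ce192da1316acfb0f684dfc396c80c590600a5ce8618c5757d1ab589'

# Standard Defender Real-time Protection policy key and the values a disabler
# typically sets to 1. Assumption: the report does not list which values changed.
$DefenderPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$DefenderValues = @(
    'DisableRealtimeMonitoring',
    'DisableBehaviorMonitoring',
    'DisableOnAccessProtection',
    'DisableScanOnRealtimeEnable',
    'DisableIOAVProtection'
)

# Per-user and machine-wide Run keys ("Adds Run key to start application").
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Test-DefenderTampering {
    # Returns one record per Defender setting found in the disabled state.
    $hits = @()
    if (Test-Path $DefenderPolicyKey) {
        $props = Get-ItemProperty -Path $DefenderPolicyKey
        foreach ($name in $DefenderValues) {
            $v = $props.PSObject.Properties[$name]
            if ($v -and $v.Value -eq 1) {
                $hits += [pscustomobject]@{ Check = 'DefenderPolicy'; Name = $name; Value = $v.Value }
            }
        }
    }
    # Effective state as reported by the Defender service itself.
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    if ($pref -and $pref.DisableRealtimeMonitoring) {
        $hits += [pscustomobject]@{ Check = 'MpPreference'; Name = 'DisableRealtimeMonitoring'; Value = $true }
    }
    return $hits
}

function Get-RunKeyEntries {
    # Lists every Run-key entry and hashes the referenced executable where the path resolves,
    # flagging any entry whose target matches the sample hash from the report.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip registry-provider metadata properties
            $cmd = [string]$p.Value
            # Executable path: quoted path if present, otherwise the first whitespace-delimited token.
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $hash = if ($exe -and (Test-Path -LiteralPath $exe)) {
                (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
            } else { $null }
            [pscustomobject]@{
                Key           = $key
                Name          = $p.Name
                Command       = $cmd
                SHA256        = $hash
                MatchesSample = ($hash -eq $SampleSha256)
            }
        }
    }
}

function Find-SampleByHash {
    # Searches common user-writable drop locations for an EXE matching the report's SHA256.
    # Assumption: the report does not say where the dropped EXE was written.
    param([string[]]$Roots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, "$env:USERPROFILE\Downloads"))
    Get-ChildItem -Path $Roots -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower() -eq $SampleSha256 }
}

Test-DefenderTampering | Format-Table -AutoSize
Get-RunKeyEntries      | Format-Table -AutoSize
Find-SampleByHash      | Select-Object FullName, Length
```

A Run-key entry whose `MatchesSample` is true, or any Defender value reported in the disabled state on a host where policy did not set it, is a direct confirmation of the behaviour the report flags; a clean result from `Find-SampleByHash` only means the file is not in the assumed locations under that exact hash, so pair it with the SSDEEP value above when hunting for repacked variants.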
