General

  • Target

    d42b76450efdd25653038373de590e8e28f39eb9e5fecceed8d7a52e52be4bc6

  • Size

    479KB

  • Sample

    241110-eb17lsyla1

  • MD5

    51549a0087bc6149b68ed138d160d4aa

  • SHA1

    5d8ca66fe2eda668389cc8938ed6bb5a29c6873c

  • SHA256

    d42b76450efdd25653038373de590e8e28f39eb9e5fecceed8d7a52e52be4bc6

  • SHA512

    458f37542d03e2b6ae2c682537e727356fc20dfc4a95ad1875252eaab77ae0c97b937461eb570edd1bcf17cd517a47b86efa7bcb3f69b8182995fd49092cafdd

  • SSDEEP

    12288:TMryy90zZqMB+QMzhAURC0qsMmLqYgiN42jD7KG:VyenMzhN40qVmLq/idKG

Targets

    • Target

      d42b76450efdd25653038373de590e8e28f39eb9e5fecceed8d7a52e52be4bc6

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
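
The last three signatures (Defender real-time protection tampering, Windows security modification, Run-key persistence) are the ones a responder can check for directly on a suspect host. The script below is an added example written for this page, not output of the sandbox or part of the report: it audits the Defender policy values that govern real-time protection, cross-checks the live state with Get-MpComputerStatus, enumerates the per-user and per-machine Run keys, and hashes each referenced executable so it can be matched against the SHA256 listed above. The specific policy value names are the ones commonly associated with real-time protection tampering and are an assumption here; the report does not say which of them this sample touches.

```powershell
# Added example (not from the sandbox report). Run in an elevated PowerShell session on the suspect host.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
# Assumption: these are the real-time protection policy values worth auditing; the report does not list which ones the sample set.
$tamperNames = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring', 'DisableOnAccessProtection',
               'DisableIOAVProtection', 'DisableScanOnRealtimeEnable'
$iocSha256 = 'd42b76450efdd25653038373de590e8e28f39eb9e5fecceed8d7a52e52be4bc6'   # SHA256 from the report above

function Get-DefenderTamperStatus {
    $findings = @()
    if (Test-Path $policyKey) {
        $props = Get-ItemProperty -Path $policyKey
        foreach ($name in $tamperNames) {
            # A value of 1 disables the corresponding protection via policy
            if ($props.$name -eq 1) {
                $findings += [pscustomobject]@{ Source = $policyKey; Name = $name; Value = $props.$name }
            }
        }
    }
    # Live state as reported by the Defender service itself (Defender module cmdlet)
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($status -and -not $status.RealTimeProtectionEnabled) {
        $findings += [pscustomobject]@{ Source = 'Get-MpComputerStatus'; Name = 'RealTimeProtectionEnabled'; Value = $false }
    }
    return $findings
}

function Get-RunKeyEntries {
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata properties that Get-ItemProperty attaches
            if ($p.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
            # Extract the executable path from a quoted or unquoted command line, then expand %VARS%
            $exe = ($p.Value -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $hash = $null
            if (Test-Path -LiteralPath $exe) {
                $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
            }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value; Sha256 = $hash }
        }
    }
}

Get-DefenderTamperStatus | Format-Table -AutoSize
Get-RunKeyEntries | ForEach-Object {
    if ($_.Sha256 -eq $iocSha256) { Write-Warning "Run key '$($_.Name)' points at the reported sample" }
    $_
} | Format-Table -AutoSize
```

A Run-key entry whose hash differs from the IoC is not cleared by this check: the dropped executable may have been repacked, so treat any unfamiliar Run entry on a host that also shows Defender policy tampering as worth collecting. Get-MpComputerStatus is only available where the Defender PowerShell module is installed, which is why the call tolerates failure.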
