General

  • Target

    96b41fbe6fa55fefd77e1041a0713edee7b62fa94636e18b39ad81f76cfa8d2c

  • Size

    376KB

  • Sample

    241110-ecbcksyfqp

  • MD5

    740efba2a6a63057515e8ae838b22adb

  • SHA1

    50925f63df9f8ddb6c34e884447a2bb8f678424e

  • SHA256

    96b41fbe6fa55fefd77e1041a0713edee7b62fa94636e18b39ad81f76cfa8d2c

  • SHA512

    21b22946cd0c2049af3977cb5a09ad80c6f15cf3cd95ceeeaa2255ca2c60928ab225bc08bf35e3c8550aaaa54ed9d685e3382bc48435e8425a852f4a357b99da

  • SSDEEP

    6144:Kby+bnr+vp0yN90QEX07c3zzyJMq6PNrnObhpqAehJQMn1mNdogD9TBv7Wv15GW:pMr7y907VPNrwpqAeh9n1HgD9T5Wvj9

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
