General

  • Target

    c8e9aa0d1ce1fc19fdc4c07b9657a1d54dbfcccffa6ea92ea2bfa4f468292b81

  • Size

    563KB

  • Sample

    241110-eccweayfqq

  • MD5

    64574df4c9121c6a4de6b077bf820c97

  • SHA1

    52ec4d4ecde7bf190b82778b88a5e78e2880b08d

  • SHA256

    c8e9aa0d1ce1fc19fdc4c07b9657a1d54dbfcccffa6ea92ea2bfa4f468292b81

  • SHA512

    684b553cfd703c676b817200a11aba1f9b2e329e3622f59d7d0c4534b3aba2f0d6eeef694445f99b98d8c53e8d132c288e3a9da68160d5083b5fee9de2b0ab24

  • SSDEEP

    12288:ty9064IMeN21lPMtIOEz/0YfzsM1YjJOBn+t:tyt43eN21FWQMYfACYjJO0

Malware Config

Targets

    • Target

      c8e9aa0d1ce1fc19fdc4c07b9657a1d54dbfcccffa6ea92ea2bfa4f468292b81

    • Size

      563KB

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
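Two of the behaviours listed above, "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application", are the ones an analyst would most want turned into a detection. The script below is an added example, not part of this report or of the sandbox that produced it: it runs simple detection logic over registry value-set events in the shape of Sysmon Event ID 13 (fields Image, EventType, TargetObject, Details). The event records are constructed for the example and are not taken from this sample's run; the registry paths and value names are the documented Defender policy locations and the standard Run/RunOnce keys.

```python
"""Flag Defender real-time-protection tampering and Run-key persistence in
Sysmon-style registry events. Added example; the events below are constructed."""
import re

# Keys Defender reads its real-time protection policy from (policy key wins).
DEFENDER_RTP_KEYS = tuple(k.lower() for k in (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
    r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
))
# DWORD values that switch parts of real-time protection off when set to 1.
DEFENDER_RTP_VALUES = {v.lower() for v in (
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
)}
# Per-machine and per-user Run/RunOnce keys; group 3 is the value name.
RUN_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\(Run|RunOnce)\\([^\\]+)$", re.I)
# Sysmon renders DWORD data as "DWORD (0x00000001)".
DWORD_RE = re.compile(r"^DWORD \(0x([0-9a-f]+)\)$", re.I)
# Locations a dropper typically writes its payload to before persisting it.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Constructed events (not from the sandbox run): sample disables Defender RTP,
# persists a dropped EXE via HKU\<SID>\...\Run, then two benign writes.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\user\AppData\Local\Temp\sample.exe", "EventType": "SetValue",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"Image": r"C:\Users\user\AppData\Local\Temp\sample.exe", "EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"Image": r"C:\Windows\System32\svchost.exe", "EventType": "SetValue",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop",
     "Details": r"C:\Users\Public\Desktop"},
    {"Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18\MsMpEng.exe", "EventType": "SetValue",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},  # Defender re-enabling itself: not a disable
]


def split_value(target):
    """Split 'HKLM\\...\\Key\\ValueName' into (key, value name)."""
    key, _, name = target.rpartition("\\")
    return key, name


def dword(details):
    """Parse Sysmon DWORD rendering; None for REG_SZ and other types."""
    m = DWORD_RE.match(details.strip())
    return int(m.group(1), 16) if m else None


def check_defender_tamper(ev):
    """Hit only when a known disable-* value under an RTP key is set to 1."""
    key, name = split_value(ev["TargetObject"])
    if key.lower() not in DEFENDER_RTP_KEYS or name.lower() not in DEFENDER_RTP_VALUES:
        return None
    if dword(ev["Details"]) != 1:
        return None  # set back to 0, or not a DWORD: no protection disabled
    return {"rule": "defender_rtp_disabled", "image": ev["Image"], "value": name}


def check_run_key(ev):
    """Hit on any Run/RunOnce write; raise severity if the command points at
    a user-writable directory, which is what a dropped EXE looks like."""
    m = RUN_KEY_RE.match(ev["TargetObject"])
    if not m:
        return None
    dropped = any(p in ev["Details"].lower() for p in USER_WRITABLE)
    return {"rule": "run_key_persistence", "image": ev["Image"], "value": m.group(3),
            "command": ev["Details"], "severity": "high" if dropped else "medium"}


def detect(events):
    """Run every check over every value-set event; return findings in order."""
    findings = []
    for ev in events:
        if ev.get("EventType") != "SetValue":
            continue
        for check in (check_defender_tamper, check_run_key):
            hit = check(ev)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f)
```

The Defender check deliberately requires the data to be DWORD 1: Defender itself and Group Policy refreshes write these values back to 0, and matching on the path alone would flag that legitimate traffic. Against real telemetry, feed it parsed Sysmon XML or EDR registry events rather than the constructed list.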

MITRE ATT&CK Enterprise v15

Tasks