General

  • Target

    2180ce08ea1f660d3151c66f3c8f5f2624472731be2d5b8b2d6607cb8f6eeb7b

  • Size

    563KB

  • Sample

    241110-ecfx3aylb1

  • MD5

    637cb972aaf29d9a049593cf3d501729

  • SHA1

    c1d70dca288ff6efd9c46685366e4173e8cfa18b

  • SHA256

    2180ce08ea1f660d3151c66f3c8f5f2624472731be2d5b8b2d6607cb8f6eeb7b

  • SHA512

    cba9c5be1c3560e1c22ad9c614f188bdd347fe05313e1af2a6420d717c15f0b9618ceaee541463e1bc8e20c74e333af0a77bb7055558e6005da85dcea9ab21b8

  • SSDEEP

    12288:xy90slLTnE44S/3ok3QT7hOH2EmCei6KkWG22u8Jvxsu:xy5f4S/4TTF82VI6K02bsJsu

Malware Config

Targets

    • Target

      2180ce08ea1f660d3151c66f3c8f5f2624472731be2d5b8b2d6607cb8f6eeb7b

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks