General

  • Target

    90e57c5d47263e4f4a145fe67973df3011cb1e61645aacce6e490a3ea461cf42

  • Size

    618KB

  • Sample

    241110-ejjbrsyhjk

  • MD5

    04873ce78b9525ad569ce8c7a32d0363

  • SHA1

    c9dd43c067e16f20dbed2c0da78e2c96cb260c30

  • SHA256

    90e57c5d47263e4f4a145fe67973df3011cb1e61645aacce6e490a3ea461cf42

  • SHA512

    9776e20662ffba4a1259cd2f87547a73107c5375887c5e3a203af823c724b3dc2a967b7e678b003d5bdd0b088ce56a137472d2a318ec163d177b7dbdd27309b7

  • SSDEEP

    12288:hy90t2b8FoVVfBgckLoAsfCvTZlbxeThsV1TdePAwbwVOe3:hypb8GVhBgcLAGCvpghsV1TdeofVF3

Malware Config

Targets

    • Target

      90e57c5d47263e4f4a145fe67973df3011cb1e61645aacce6e490a3ea461cf42

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
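The signatures above name three behaviours worth hunting for on other hosts: Defender real-time protection being switched off through the registry, a Run key added for persistence, and a second EXE dropped and executed. The following triage helper is an added example (not code from Triage or from this report) that runs those checks over simplified Sysmon-style event lines. The event lines, the Temp path the sample runs from and the dropped file name `svchost.exe` are constructed for the example; the registry locations are the real Defender policy/product keys and Run keys, but the set of value names watched and the "user-writable parent and child" heuristic for a dropped EXE are this example's own choices, not facts from the report. The sample hashes are the ones listed in the report header.

```python
"""Triage helper for the behaviours this report flags (added example, not
code from the report or its sandbox). Event lines are a constructed
'Field=Value|Field=Value' rendering of Sysmon event ID 1 (process create)
and ID 13 (registry value set)."""
import re

# Hashes copied from the report header.
SAMPLE_HASHES = {
    "MD5": "04873ce78b9525ad569ce8c7a32d0363",
    "SHA1": "c9dd43c067e16f20dbed2c0da78e2c96cb260c30",
    "SHA256": "90e57c5d47263e4f4a145fe67973df3011cb1e61645aacce6e490a3ea461cf42",
}

# Real Defender registry paths (policy and product keys); which value names to
# watch is an assumption of this example, not a list from the report.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disablescanonrealtimeenable",
    "disableioavprotection",
}
DEFENDER_KEY_RE = re.compile(
    r"\\(?:Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\(\w+)$", re.I)
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\[^\\]+$", re.I)
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")
# Heuristic (assumption): a "dropped" EXE is one started from a user-writable
# directory by a parent that also lives in a user-writable directory.
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+\\appdata\\|users\\public\\|programdata\\)", re.I)


def parse_event(line):
    """'EventID=13|TargetObject=...|Details=...' -> dict (constructed format)."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))


def parse_hashes(hashes_field):
    """Sysmon 'Hashes' field 'MD5=..,SHA256=..' -> {'MD5': .., 'SHA256': ..}."""
    return dict(h.split("=", 1) for h in hashes_field.split(",") if "=" in h)


def classify(ev):
    """Return a list of (tag, detail) findings for one parsed event."""
    findings = []
    if ev.get("EventID") == "13":
        target = ev.get("TargetObject", "")
        m = DEFENDER_KEY_RE.search(target)
        if m and m.group(1).lower() in DEFENDER_RTP_VALUES:
            d = DWORD_RE.search(ev.get("Details", ""))
            # Only a non-zero value disables the feature; 0 re-enables it.
            if d and int(d.group(1), 16) != 0:
                findings.append(("defender_rtp_disabled",
                                 f"{m.group(1)}={int(d.group(1), 16)}"))
        if RUN_KEY_RE.search(target):
            findings.append(("run_key_persistence",
                             f"{target} -> {ev.get('Details', '')}"))
    elif ev.get("EventID") == "1":
        image, parent = ev.get("Image", ""), ev.get("ParentImage", "")
        hashes = parse_hashes(ev.get("Hashes", ""))
        hits = [k for k, v in SAMPLE_HASHES.items()
                if hashes.get(k, "").lower() == v]
        if hits:
            findings.append(("sample_hash_match", ",".join(hits)))
        if (image.lower().endswith(".exe") and USER_WRITABLE_RE.match(image)
                and USER_WRITABLE_RE.match(parent)):
            findings.append(("dropped_exe_executed", f"{parent} -> {image}"))
    return findings


def triage(lines):
    """Classify every line; return {tag: [detail, ...]}."""
    report = {}
    for line in lines:
        for tag, detail in classify(parse_event(line)):
            report.setdefault(tag, []).append(detail)
    return report


# Constructed events: the sample launched from Temp, two Defender values set
# to 1, one set back to 0 (must not fire), a Run key, and a dropped EXE.
SAMPLE_EVENTS = [
    r"EventID=1|Image=C:\Users\Admin\AppData\Local\Temp\90e57c5d47263e4f4a145fe67973df3011cb1e61645aacce6e490a3ea461cf42.exe|ParentImage=C:\Windows\explorer.exe|Hashes=MD5=04873CE78B9525AD569CE8C7A32D0363,SHA256=90E57C5D47263E4F4A145FE67973DF3011CB1E61645AACCE6E490A3EA461CF42",
    r"EventID=13|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000001)",
    r"EventID=13|TargetObject=HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring|Details=DWORD (0x00000001)",
    r"EventID=13|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000000)",
    r"EventID=13|TargetObject=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Users\Admin\AppData\Roaming\svchost.exe",
    r"EventID=1|Image=C:\Users\Admin\AppData\Roaming\svchost.exe|ParentImage=C:\Users\Admin\AppData\Local\Temp\90e57c5d47263e4f4a145fe67973df3011cb1e61645aacce6e490a3ea461cf42.exe|Hashes=MD5=00000000000000000000000000000000,SHA256=0000000000000000000000000000000000000000000000000000000000000000",
    r"EventID=1|Image=C:\Windows\System32\notepad.exe|ParentImage=C:\Windows\explorer.exe|Hashes=MD5=11111111111111111111111111111111",
]

if __name__ == "__main__":
    for tag, details in triage(SAMPLE_EVENTS).items():
        for detail in details:
            print(f"{tag}: {detail}")
```

Feed real Sysmon data by converting each event's `EventID`, `Image`, `ParentImage`, `Hashes`, `TargetObject` and `Details` fields into the same pipe-delimited shape; the Defender check deliberately ignores writes that set the value back to 0 so that re-enabling protection does not raise the same alert as disabling it.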

MITRE ATT&CK Enterprise v15

Tasks