General

  • Target

    7de15d5c26eecca5de035d9a34f91ce6b2fb0a1d698c62c0628fc5c2ed2221e9

  • Size

    612KB

  • Sample

    241110-ekw91symfy

  • MD5

    660b82c42fd7944d509e773d70ae08dd

  • SHA1

    ede0fb6b28735bb5e28f1da403a5839183ba2048

  • SHA256

    7de15d5c26eecca5de035d9a34f91ce6b2fb0a1d698c62c0628fc5c2ed2221e9

  • SHA512

    af71fe2955320821abf20f7324059c3ffa997a8ab61fe7ee14613d22f26e9cd45f247e015f3d21945f94526655b9d08826954d8f3cfb4c5397c806715bbc44a2

  • SSDEEP

    12288:yy90PMsf2hPEzrt5elZ+8NPORF9K9HRgHfE:yyLdPEzx2dNPoF9K9HRGc

Malware Config

Targets

    • Target

      7de15d5c26eecca5de035d9a34f91ce6b2fb0a1d698c62c0628fc5c2ed2221e9


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks