General

  • Target

    30391c64583f86d776e8df677c2d5d04253bffca0c41da0f11c2f1078602e54f

  • Size

    936KB

  • Sample

    241111-amzeya1pcm

  • MD5

    bd691a6445044cd663924266faaec50f

  • SHA1

    1dde67ca0297ee55a7cd092e09e39a7ed6bee89e

  • SHA256

    30391c64583f86d776e8df677c2d5d04253bffca0c41da0f11c2f1078602e54f

  • SHA512

    1c7c580070bc4edfefd31b3b44eaa52074db4bed32c2a4efb3f6ba5d2abac98fe4eaa87607424c571704f8158f226205e57270fb8a0519966873c1c59cc11905

  • SSDEEP

    24576:tyoaPO+MFn3B3VsyEd89Zb1UY0GvQSZSs+q:Iu3BiyEgxzfvZi

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks