General

  • Target

    9527be4d5a558190ea4aeb8ab94397f1e2e80729eec028e80ddd3d8cad46bc4b

  • Size

    827KB

  • Sample

    241111-c5rh6a1ejh

  • MD5

    c24b9215589f2a237c6708146d04a31d

  • SHA1

    8760b44c21e912dc51f0b02760ba9df8cee477fa

  • SHA256

    9527be4d5a558190ea4aeb8ab94397f1e2e80729eec028e80ddd3d8cad46bc4b

  • SHA512

    40f29c64ca4f2255db2985101f1070ce024cc11eb85376e90e90f5de923aa9cfcb8bec912c32b7b1bb61b5ae09b3c6d24c8f3f7ebec63641227ad1b1bdfcc70a

  • SSDEEP

    12288:Wy90cgSp2KeyOVYTtExL4o6V9zrFiFyOen7N+NI3G+XhnpihIZ5pO:Wyw+2K/yYeJ4DoFyJn82XhCIvpO

Malware Config

Targets

    • Target

      9527be4d5a558190ea4aeb8ab94397f1e2e80729eec028e80ddd3d8cad46bc4b

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

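The three behaviours flagged above (Windows Defender real-time protection settings modified, a Run key added for persistence, and a dropped EXE being executed) are the kind of thing a detection engineer would want to catch from endpoint telemetry rather than only from the sandbox. The following is an added example, not code or output from the sandbox report: it runs simple detection logic over constructed Sysmon-style event records (Event ID 1 process create, 11 file create, 13 registry value set). The file paths, the SID and the Run value name `Updater` are assumptions; the Defender Real-Time Protection value names and the Run/RunOnce key paths are the standard Windows locations.

```python
"""Detect Defender real-time protection tampering, Run-key persistence and
execution of a dropped EXE from Sysmon-style events (constructed sample data)."""
import re

# Defender Real-Time Protection keys (policy hive and product hive) and the
# DWORD value names that disable a protection component when set to 1.
DEFENDER_RTP_KEYS = (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
    r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
)
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
# Run / RunOnce keys under HKLM, HKCU or a per-user hive as Sysmon writes them.
RUN_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")


def dword_value(details):
    """Parse Sysmon's 'DWORD (0x00000001)' Details format; None if not a DWORD."""
    m = DWORD_RE.match(details)
    return int(m.group(1), 16) if m else None


def classify_registry(event):
    """Return (rule, description) hits for one Event ID 13 record."""
    hits = []
    if event.get("EventID") != 13:
        return hits
    key, _, name = event["TargetObject"].rpartition("\\")
    details = event.get("Details", "")
    if name in DEFENDER_RTP_VALUES and key.lower() in (k.lower() for k in DEFENDER_RTP_KEYS):
        if dword_value(details) == 1:  # value 1 disables; 0 re-enables, so not flagged
            hits.append(("defender_rtp_disabled", f"{name}=1 under {key} by {event['Image']}"))
    if RUN_KEY_RE.match(event["TargetObject"]):
        hits.append(("run_key_persistence", f"Run value {name!r} -> {details} by {event['Image']}"))
    return hits


def scan(events):
    """Correlate a chronological event stream; returns {rule: [descriptions]}."""
    report = {}
    dropped = {}  # lower-cased path of a file written on disk -> image that wrote it
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:  # FileCreate: remember what each process drops
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif eid == 1:  # ProcessCreate: flag when the image is a file seen dropped earlier
            img = ev["Image"].lower()
            if img in dropped:
                report.setdefault("executes_dropped_exe", []).append(
                    f"{ev['Image']} (written by {dropped[img]}) started by {ev.get('ParentImage')}")
        else:
            for rule, desc in classify_registry(ev):
                report.setdefault(rule, []).append(desc)
    return report


# Constructed events in the order a dropper-then-payload chain would produce them.
DROPPER = r"C:\Users\victim\Downloads\sample.exe"
PAYLOAD = r"C:\Users\victim\AppData\Local\Temp\drop.exe"
USER_HIVE = r"HKU\S-1-5-21-1111-2222-3333-1001"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": DROPPER, "TargetFilename": PAYLOAD},
    {"EventID": 1, "Image": PAYLOAD, "ParentImage": DROPPER},
    {"EventID": 13, "Image": PAYLOAD, "Details": "DWORD (0x00000001)",
     "TargetObject": DEFENDER_RTP_KEYS[0] + r"\DisableRealtimeMonitoring"},
    {"EventID": 13, "Image": PAYLOAD, "Details": "DWORD (0x00000001)",
     "TargetObject": DEFENDER_RTP_KEYS[0] + r"\DisableBehaviorMonitoring"},
    {"EventID": 13, "Image": PAYLOAD, "Details": r"C:\Users\victim\AppData\Roaming\Updater\svchost.exe",
     "TargetObject": USER_HIVE + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"},
    # Benign: protection being switched back on (value 0) must not fire.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe", "Details": "DWORD (0x00000000)",
     "TargetObject": DEFENDER_RTP_KEYS[1] + r"\DisableRealtimeMonitoring"},
    # Benign: unrelated per-user registry write.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe", "Details": "DWORD (0x00000002)",
     "TargetObject": USER_HIVE + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

if __name__ == "__main__":
    for rule, descs in scan(SAMPLE_EVENTS).items():
        for d in descs:
            print(f"[{rule}] {d}")
```

Two points worth keeping in a real rule: only a DWORD of 1 under the Real-Time Protection keys is tampering (a 0 is the protection being restored, and should not page anyone), and the dropped-EXE correlation needs the FileCreate event to arrive before the ProcessCreate, so feed events in timestamp order.
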
MITRE ATT&CK Enterprise v15

Tasks