General

  • Target

    fced7c97085c701b3ddfe7080002ee47738f9d2d10dca0004c2adf961e051656

  • Size

    559KB

  • Sample

    241111-gf456sxndr

  • MD5

    05fb422151d2a3d19c0eecb337febee0

  • SHA1

    85aa7120b55f8386028f1bb845433676d0a07556

  • SHA256

    fced7c97085c701b3ddfe7080002ee47738f9d2d10dca0004c2adf961e051656

  • SHA512

    a42b4aba04b4cff61cb2561a4ba4fac7d8a37d07c31108b6b8a3656cbb6ba8217a2ba5dc7bddb6a3152e31555ef9d0d499db1aac95f5da48862ad5d593c6af19

  • SSDEEP

    12288:sy902wGr7W1USP9tOF26u2/Ec6/+9zNDlzkPn1NRV:syBrqUS1Mju28wNDgv3

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
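The two registry behaviours flagged above (Defender real-time protection being switched off, and a Run key written for persistence) are the ones a responder would want to confirm from host telemetry. The following is an added example, not the sandbox's own signature logic: it runs simple detection rules over constructed Sysmon Event ID 13 (RegistryEvent SetValue) records. The flat "key=value|key=value" line format, the process and file names, and the specific Defender value names beyond DisableRealtimeMonitoring are assumptions made for this illustration; the edge case handled is that writing a DWORD of 0 re-enables protection and must not be reported as tampering.

```python
"""Detection rules for the report's registry-related signatures, run over
constructed Sysmon-style events. Added example, not the sandbox's own code."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed Sysmon Event ID 13 (SetValue) records in an assumed flat format.
SAMPLE_EVENTS = [
    # Dropped EXE disables Defender real-time monitoring via the Policies path.
    "EventID=13|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe|"
    "TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\"
    "Real-Time Protection\\DisableRealtimeMonitoring|Details=DWORD (0x00000001)",
    # Same process adds a Run key pointing at a file under AppData.
    "EventID=13|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe|"
    "TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater|"
    "Details=C:\\Users\\victim\\AppData\\Roaming\\updater.exe",
    # A machine-wide Run key write; flagged too, analyst decides if benign.
    "EventID=13|Image=C:\\Windows\\System32\\svchost.exe|"
    "TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth|"
    "Details=%windir%\\system32\\SecurityHealthSystray.exe",
    # Unrelated registry write; must not match anything.
    "EventID=13|Image=C:\\Program Files\\App\\app.exe|"
    "TargetObject=HKCU\\Software\\App\\Settings\\Theme|Details=dark",
    # Re-enabling real-time monitoring (value 0) is not tampering.
    "EventID=13|Image=C:\\Windows\\System32\\svchost.exe|"
    "TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\"
    "Real-Time Protection\\DisableRealtimeMonitoring|Details=DWORD (0x00000000)",
]

# Defender real-time protection values that disable a feature when non-zero.
# Both the Policies hive path and the product path are matched. Value names
# other than DisableRealtimeMonitoring are assumed, not taken from the report.
DEFENDER_RTP_RE = re.compile(
    r"\\(?:Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableIOAVProtection"
    r"|DisableOnAccessProtection|DisableScanOnRealtimeEnable)$",
    re.IGNORECASE,
)
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\([^\\]+)$",
    re.IGNORECASE,
)
DWORD_RE = re.compile(r"DWORD \((0x[0-9A-Fa-f]{8})\)")


@dataclass
class Finding:
    rule: str
    image: str
    target: str
    details: str


def parse_event(line: str) -> dict:
    """Split a flat 'k=v|k=v' record into a dict; values may contain '='."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def check_event(ev: dict) -> Optional[Finding]:
    """Apply the two registry rules to one parsed event."""
    if ev.get("EventID") != "13":
        return None
    image = ev.get("Image", "")
    target = ev.get("TargetObject", "")
    details = ev.get("Details", "")
    if DEFENDER_RTP_RE.search(target):
        m = DWORD_RE.search(details)
        # Only a non-zero DWORD disables protection; 0 turns it back on.
        if m and int(m.group(1), 16) != 0:
            return Finding("defender_rtp_disabled", image, target, details)
        return None
    if RUN_KEY_RE.search(target):
        return Finding("run_key_persistence", image, target, details)
    return None


def analyse(lines) -> list:
    """Return all findings for an iterable of raw event lines, in order."""
    return [f for f in (check_event(parse_event(ln)) for ln in lines) if f]


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"{f.rule:24} {f.image}  ->  {f.target}")
```

Run against the constructed events this yields three findings: one Defender tampering hit from the dropped executable and two Run key writes; the re-enable write with a zero value is correctly ignored. In a real deployment the same rules would be fed from Sysmon or EDR registry telemetry rather than the inline list.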

MITRE ATT&CK Enterprise v15
