General

  • Target

    f9cc60055d1c84f7f1b203a5e1c443ef69c4f611f458d23ac67439205ab8e99c

  • Size

    1.1MB

  • Sample

    241111-gvaj4sxqbq

  • MD5

    7119fd4f63eb5b4a9e53eb1edb1cafb8

  • SHA1

    54c805921eab172ed71f85b501966cff2a4cdfae

  • SHA256

    f9cc60055d1c84f7f1b203a5e1c443ef69c4f611f458d23ac67439205ab8e99c

  • SHA512

    828442dd74c46bea48fbce609cbab0f3ea4f86e104877ee95149ed0841dc2d9421143657392ccd183eecbbcd71886a937304a6804ce14a7c794df5dbfb765e12

  • SSDEEP

    24576:iypMtpV4x/fy/b8XftHvBZcCTdBACKl3RqyuFpK3qaNecz5tO7yNhVIveS:iyWVk6/b8tH5ZrTxxyMp4VNr5hVge

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
